Rewrite Rules, SSL, and .htaccess

From: davec (davec_at_webpipe.net)
Date: 03/25/04

  • Next message: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"
    To: focus-linux@securityfocus.com
    Date: Wed, 24 Mar 2004 23:47:15 -0700
    
    

    Hi,

    I have a .htaccess file protecting a certain directory on my site. When I
    tried using the following Apache redirect, I was prompted for my password
    once on the http version, and once on the https version:

    <VirtualHost 192.168.3.7:80>
    Redirect / https://www.mydomain.com/
    </VirtualHost>

    The point of using SSL on the password protected directory is to protect the
    password from being passed in clear text. I think that a RewriteRule would
    probably do the trick, but after reading the apache documentation (version
    2.0.40) I have still not been able to set one up that works properly for the
    various ways of accessing the site such as
    http://www.mydomain.com/dir or www.mydomain.com/dir or mydomain.com/dir
    or http://www.mydomain.com/dir/index.html etc.

    Any suggestions?

    Thanks,

    Dave


  • Next message: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"

    Relevant Pages

    • Re: Rewrite Rules, SSL, and .htaccess
      ... > I have a .htaccess file protecting a certain directory on my site. ... > I tried using the following Apache redirect, ... > password once on the http version, and once on the https version: ...
      (Focus-Linux)
    • Re: Rewrite Rules, SSL, and .htaccess
      ... Peter ... >> I have a .htaccess file protecting a certain directory on my site. ... >> I tried using the following Apache redirect, ... >> The point of using SSL on the password protected directory is to protect ...
      (Focus-Linux)
    • Re: Rewrite Rules, SSL, and .htaccess
      ... > I have a .htaccess file protecting a certain directory on my site. ... I think that a RewriteRule ... > would probably do the trick, but after reading the apache documentation ... With this setup any http request to the server like ...
      (Focus-Linux)
    • Re: Small Business Server 2003 R2 - OWA
      ... SBS server? ... "Protecting the world from PSTs and brick backups!" ... This occurs for both http and https. ...
      (microsoft.public.exchange.setup)
    • Re: Foolin an IDS ?
      ... > is an understanding of the protocols that they are protecting. ... > HTTP, SSL and such. ... I think this is nice paper (about foolin HTTP by Whisker). ...
      (Focus-IDS)