Rewrite Rules, SSL, and .htaccess

• Previous message: security: "Re: ModSSL - Knoppix 3.3"
• Next in thread: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Jeremy Miller: "Re: Rewrite Rules, SSL, and .htaccess"
• Maybe reply: Jeff Bollinger: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Wallwork, Nathan: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"
• Maybe reply: Jeremy Miller: "Re: Rewrite Rules, SSL, and .htaccess"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: focus-linux@securityfocus.com
Date: Wed, 24 Mar 2004 23:47:15 -0700

Hi,

I have a .htaccess file protecting a certain directory on my site. When I
tried using the following Apache redirect, I was prompted for my password
once on the http version, and once on the https version:

<VirtualHost 192.168.3.7:80>
Redirect / https://www.mydomain.com/
</VirtualHost>

The point of using SSL on the password protected directory is to protect the
password from being passed in clear text. I think that a RewriteRule would
probably do the trick, but after reading the apache documentation (version
2.0.40) I have still not been able to set one up that works properly for the
various ways of accessing the site such as
http://www.mydomain.com/dir or www.mydomain.com/dir or mydomain.com/dir
or http://www.mydomain.com/dir/index.html etc.

Any suggestions?

Thanks,

Dave

• Previous message: security: "Re: ModSSL - Knoppix 3.3"
• Next in thread: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Jeremy Miller: "Re: Rewrite Rules, SSL, and .htaccess"
• Maybe reply: Jeff Bollinger: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Wallwork, Nathan: "Re: Rewrite Rules, SSL, and .htaccess"
• Reply: Peter H. Lemieux: "Re: Rewrite Rules, SSL, and .htaccess"
• Maybe reply: Jeremy Miller: "Re: Rewrite Rules, SSL, and .htaccess"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Rewrite Rules, SSL, and .htaccess ... > I have a .htaccess file protecting a certain directory on my site. ... > I tried using the following Apache redirect, ... > password once on the http version, and once on the https version: ... (Focus-Linux) Re: Rewrite Rules, SSL, and .htaccess ... Peter ... >> I have a .htaccess file protecting a certain directory on my site. ... >> I tried using the following Apache redirect, ... >> The point of using SSL on the password protected directory is to protect ... (Focus-Linux) Re: Rewrite Rules, SSL, and .htaccess ... > I have a .htaccess file protecting a certain directory on my site. ... I think that a RewriteRule ... > would probably do the trick, but after reading the apache documentation ... With this setup any http request to the server like ... (Focus-Linux) Re: Small Business Server 2003 R2 - OWA ... SBS server? ... "Protecting the world from PSTs and brick backups!" ... This occurs for both http and https. ... (microsoft.public.exchange.setup) Re: Foolin an IDS ? ... > is an understanding of the protocols that they are protecting. ... > HTTP, SSL and such. ... I think this is nice paper (about foolin HTTP by Whisker). ... (Focus-IDS)