Andrew Joakimsen wrote:
On Sun, Nov 16, 2008 at 00:12, David C. Rankin
wrote: Spoke too soon. There is still a multiple password prompt when the https rewrite is invoked. Is there a way I can change the order of the directory definition in httpd.conf to avoid this?
The HTTP re-write is being password protected, that is:
1) User requests http://site.com/whatever/ -> Authentication request #1 2) Rewrite to https://site.com/whatever/ 3) Authentication #2 on the "new site"... the browser treats https://site.com & http://site.com as 2 different sites.
So simply setup the not https directory not to be password protected. Of course do not serve the files there, just the redirect/rewrite.
Thanks, but in this situation, the there isn't a way to separate files for access either by http or https, there is only one set of files that must be available to both protocols. The rewrite only occurs for access by IPs outside the local lan. I don't want users on the local lan to have to use https to access the files, but I do want everyone to have to authenticate. I don't want people outside the lan to access the files without https to prevent passwords from flying across public space in the clear. I know that http:// and https:// are two different authentication contexts, but why can't I just do a redirect before the authentication takes place? I'll keep digging. -- David C. Rankin, J.D.,P.E. | Rankin Law Firm, PLLC | Countdown for openSuSE 11.1 510 Ochiltree Street | http://counter.opensuse.org/11.1/small Nacogdoches, Texas 75961 | Telephone: (936) 715-9333 | openSoftware und SystemEntwicklung Facsimile: (936) 715-9339 | http://www.opensuse.org/ www.rankinlawfirm.com | -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org