Authenticate when SSL is activeted only?
Hello there,
I wonder if I can authenticate my users only when they connect via https
instead of http. For example, the .htaccess file is defined like
this :
----------------------------------------------------------------
AuthName "LDAP Authentication Required."
AuthLDAPUrl ldap://example.com/dc=example,dc=com?uid?
AuthType Basic
Options Indexes FollowSymLinks MultiViews
<Limit GET POST>
Order deny,allow
Deny from all
Allow from 10.0.0.1
Require user sb
Satisfy Any
</Limit>
----------------------------------------------------------------
When sb connect to my apache server :
1. from 10.0.0.1, via http://example.com ->
sb will be allowed to connect directly.
2. from 10.0.0.1, via https://example.com ->
sb will be allowed to connect directly.
3. outside 10.0.0.1, via http://example.com ->
sb will be rejected to connect.
4. outside 10.0.0.1, via https://example.com ->
sb will be allowed to connect after successful authentication.
I am running apache 1.3.26, apache-ssl 1.3.26 on Debian Woody 3.0r1.
The reason is that I think a user should not type his LDAP account
and password when the connection is not secure. Any comment is
appreciated :)
Thanks
--
Trust & Unique ...
axacheng <axanet@ms32.hinet.net>
Reply to: