[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Authenticate when SSL is activeted only?

Hello there, 

    I wonder if I can authenticate my users only when they connect via https
    instead of http. For example, the .htaccess file is defined like
    this :
    ----------------------------------------------------------------
    AuthName "LDAP Authentication Required."
    AuthLDAPUrl ldap://example.com/dc=example,dc=com?uid?
    AuthType Basic
    Options Indexes FollowSymLinks MultiViews

    <Limit GET POST>
    Order deny,allow
    Deny from all
    Allow from 10.0.0.1
    Require user sb
    Satisfy Any
    </Limit>
    ----------------------------------------------------------------
    When sb connect to my apache server :
    1.  from 10.0.0.1, via http://example.com ->
        sb will be allowed to connect directly.
    2.  from 10.0.0.1, via https://example.com ->
        sb will be allowed to connect directly.
    3.  outside 10.0.0.1, via http://example.com ->
        sb will be rejected to connect.
    4.  outside 10.0.0.1, via https://example.com ->
        sb will be allowed to connect after successful authentication.

    I am running apache 1.3.26, apache-ssl 1.3.26 on Debian Woody 3.0r1.
    The reason is that I think a user should not type his LDAP account
    and password when the connection is not secure. Any comment is
    appreciated :)

Thanks


-- 
Trust & Unique ...
axacheng <axanet@ms32.hinet.net>
Reply to: