AuthPAM and forcing SSL

From Antiflux Wiki

(Difference between revisions)
Jump to: navigation, search
Current revision (19:06, 29 September 2007) (edit) (undo)
 
Line 15: Line 15:
* http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
* http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
* http://www.htaccesselite.com/htaccess/force-https-and-no-double-login-vt30.html
* http://www.htaccesselite.com/htaccess/force-https-and-no-double-login-vt30.html
 +
 +
[[Category:Admin]]

Current revision

Here's an easy way to force SSL for a page. Just put this in a .htaccess file in the directory you want to SSL protect.

 SSLOptions +StrictRequire
 SSLRequireSSL
 ErrorDocument 403 https://antiflux.org/path/to/whatever

The 403 redirect isn't perfect because people could be denied access for reasons other than attempting non-SSL access, but it works and it's very easy. SSL is essential when using AuthPAM to authenticate system accounts.

 AuthPAM_Enabled On
 AuthType Basic
 AuthName "secure area"
 require valid-user

References

Personal tools