AuthPAM and forcing SSL
From Antiflux Wiki
(Difference between revisions)
Line 15: | Line 15: | ||
* http://httpd.apache.org/docs/2.0/mod/mod_ssl.html | * http://httpd.apache.org/docs/2.0/mod/mod_ssl.html | ||
* http://www.htaccesselite.com/htaccess/force-https-and-no-double-login-vt30.html | * http://www.htaccesselite.com/htaccess/force-https-and-no-double-login-vt30.html | ||
+ | |||
+ | [[Category:Admin]] |
Current revision
Here's an easy way to force SSL for a page. Just put this in a .htaccess file in the directory you want to SSL protect.
SSLOptions +StrictRequire SSLRequireSSL ErrorDocument 403 https://antiflux.org/path/to/whatever
The 403 redirect isn't perfect because people could be denied access for reasons other than attempting non-SSL access, but it works and it's very easy. SSL is essential when using AuthPAM to authenticate system accounts.
AuthPAM_Enabled On AuthType Basic AuthName "secure area" require valid-user
References