Menu
I have an Apache in frontend that should redirect a request via a RewriteRule.
I have to put a basic authentication before the request is redirected, so I put this in the config file:
<VirtualHost *:443>
ServerAdmin xxxxxx
DocumentRoot /var/www/html/
ServerName xxxxxxx
RewriteEngine on
ErrorLog logs/error.log
CustomLog logs/access_log common
<Directory /var/www/html/>
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/conf/tag.pwd
Require valid-user
RewriteRule ^/(.*) http://xxxxxx:xxx/$1 [P,L]
</Directory>
</VirtualHost>
But it doesn't work.
Any suggestions?
UPDATE: I would expect that all requests after authentication would be redirected with the rule RewriteRule ^/(.*) xxxxxx:xxx/$1 [P,L] but this doesn't happen. Apache search the page under /var/www/html
961
The Apache web server allows for per-directory configuration through the use of . htaccess files. Users can password protect directories using the built-in Basic Authentication mechanism.
It is important to be aware, however, that Basic authentication sends the password from the client to the server unencrypted. This method should therefore not be used for highly sensitive data, unless accompanied by mod_ssl . Apache supports one other authentication method: AuthType Digest .
In general, Apache does the rewrite phase before the authorization phase, which is why your code performs the rewrite without ever asking for user to authenticate.
You can get around this with the LA-U:REMOTE_USER variable. Preface your RewriteRule with a condition which looks ahead ("LA") to the authorization phase:
RewriteCond %{LA-U:REMOTE_USER} !^$
RewriteRule ^/(.*) http://xxxxxx:xxx/$1 [L]
See notes about this in http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritecond
As other posters point out, it's also better to take the RewriteRule directives out of the block so they are more reliable.
107
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
