Apache directive for authenticated users?

Posted by Alex Leach on Server Fault See other posts from Server Fault or by Alex Leach
Published on 2012-12-06T00:31:29Z Indexed on 2012/12/07 5:08 UTC
Read the original article Hit count: 392

Filed under:
|
|

Using Apache 2.2, I would like to use mod_rewrite to redirect un-authenticated users to use https, if they are on http.. Is there a directive or condition one can test for whether a user is (not) authenticated?

For example, I could have set up the restricted /foo location on my server:-

<Location "/foo/">
    Order deny,allow
    # Deny everyone, until authenticated...
    Deny from all

    # Authentication mechanism
    AuthType Basic
    AuthName "Members only"
    # AuthBasicProvider ...
    # ... Other authentication stuff here.

    # Users must be valid.
    Require valid-user
    # Logged-in users authorised to view child URLs:
    Satisfy any

    # If not SSL, respond with HTTP-redirect
    RewriteCond ${HTTPS} off
    RewriteRule /foo/?(.*)$ https://${SERVER_NAME}/foo/$2 [R=301,L]

    # SSL enforcement.
    SSLOptions FakeBasicAuth StrictRequire
    SSLRequireSSL
    SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Location>

The problem here is that every file, in every subfolder, will be encrypted. This is quite unnecessary, but I see no reason to disallow it. What I would like is the RewriteRule to only be triggered during authentication. If a user is already authorised to view a folder, then I don't want the RewriteRule to be triggered. Is this possible?

EDIT:

I am not using any front-end HTML here. This is only using Apache's built-in directory browsing interface and its in-built authentication mechanisms. My <Directory> config is:

<Directory ~ "/foo/">
     Order allow,deny
     Allow from all
     AllowOverride None
     Options +Indexes +FollowSymLinks +Includes +MultiViews
     IndexOptions +FancyIndexing
     IndexOptions +XHTML
     IndexOptions NameWidth=*
     IndexOptions +TrackModified
     IndexOptions +SuppressHTMLPreamble
     IndexOptions +FoldersFirst
     IndexOptions +IgnoreCase
     IndexOptions Type=text/html
</Directory>

© Server Fault or respective owner

Related posts about apache2

Related posts about mod-rewrite