AuthPAM and forcing SSL

From Antiflux Wiki

(Difference between revisions)

Current revision

Here's an easy way to force SSL for a page. Just put this in a .htaccess file in the directory you want to SSL protect.

 SSLOptions +StrictRequire
 SSLRequireSSL
 ErrorDocument 403 https://antiflux.org/path/to/whatever

The 403 redirect isn't perfect because people could be denied access for reasons other than attempting non-SSL access, but it works and it's very easy. SSL is essential when using AuthPAM to authenticate system accounts.

 AuthPAM_Enabled On
 AuthType Basic
 AuthName "secure area"
 require valid-user

References

http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
http://www.htaccesselite.com/htaccess/force-https-and-no-double-login-vt30.html

Retrieved from "http://okcomputer.antiflux.org/wiki/AuthPAM_and_forcing_SSL"

Category: Admin

@@ Line 15: / Line 15: @@
 * http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
 * http://www.htaccesselite.com/htaccess/force-https-and-no-double-login-vt30.html
+[[Category:Admin]]

AuthPAM and forcing SSL

From Antiflux Wiki

Current revision

Views

Personal tools

Navigation

Search

Toolbox