Client reported tool (https:\/\/www.uvm.edu\/htpasswd) wasn’t behaving.<\/p>\n
<\/p>\n
Some time ago, the webteam decided to change their convention for providing friendly urls. They create a friendly alias in htdocs, and point it at a folder named website in the owners home directory. For example,<\/p>\n
https:\/\/www.uvm.edu\/~ugrsrch\/<\/a>\u00a0, files in \/users\/u\/g\/ugrsrch\/public_html<\/p>\n https:\/\/www.uvm.edu\/ugresearch\/<\/a>\u00a0, files in \/users\/u\/g\/ugrsrch\/website<\/p>\n (Never mind that if both folders exist, these are now two distinct websites. Holy broken bookmarks and more, Batman.)<\/p>\n So, the password utility at<\/p>\n https:\/\/www.uvm.edu\/htpasswd<\/a><\/p>\n needed to be updated to recognize the existence and priority of a website folder. this was actually pretty easy. The tricky part is the construction of .htaccess . Given a REMOTE_USER of kapoodle, it is easy enough to generate this, to force SSL:<\/p>\n SSLRequireSSL But now our client wants\u00a0http:\/\/www.uvm.edu\/MyronKapoodle<\/a>. How do I infer<\/p>\n SSLRequireSSL <\/p>\n turns out not to be an issue:\u00a0On Mar 6, 2013, at 1:42 PM, Benjamin Coddington <bcodding@uvm.edu<\/a>> wrote:<\/p>\n Wes, I don’t think you need to worry about forcing SSL for authentication This nicely eliminated the possibility of sending WWW-Authenticate: Basic in Client reported tool (https:\/\/www.uvm.edu\/htpasswd) wasn’t behaving. Some time ago, the webteam decided to change their convention for providing friendly urls. They create a friendly alias in htdocs, and point it at a folder named website in the owners home … Continue reading
\nErrorDocument 403\u00a0https:\/\/www.uvm.edu\/~kapoodle<\/a><\/p>\n
\nErrorDocument 403\u00a0https:\/\/www.uvm.edu\/MyronKapoodle<\/a><\/p>\n
\nanymore. \u00a0A couple years ago we wrote an apache module that monitors all the
\nserver’s responses looking for the WWW-Authenticate: Basic header, and if
\nthe response would be sent un-encrypted the server instead hijacks the
\nresponse and turns it into a redirect to the same location over SSL.<\/p>\n
\nplain text, and I think it also means you don’t have to worry about
\nSSLRequireSSL and .htaccess-https for authentication purposes.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"