stackoom
  简体   繁体   中英

Determine HTTPS in htaccess to Set Environment

 原文  2014-03-25 20:00:45       regex/ apache/ .htaccess/ mod-rewrite/ httpd.conf

Question

I want to redirect the user to the authentication page only if the request is 'https'.

Currently I have written the following in my .htaccess file to do the same, but it doesn't work. 

SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS

AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Allow from env=IS_HTTPS

Is the regex for determining HTTPS correct? Earlier I had the SetEnvIf statement as follows. This too didn't work. 

SetEnvIf %{SERVER_PORT} ^80$ IS_NON_SSL

AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Allow from env=!IS_NON_SSL

But as per the documentation for SetEnvIf directive ( http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html ), the SERVER_PORT variable is not available.

2 answers

solution1
 3  2014-03-25 22:21:22

I don't think that the value Request_Protocol can be used to determine this – according to the docs page you linked, that contains something like (eg, "HTTP/0.9", "HTTP/1.1", etc.) – so the protocol itself will always be HTTP ; and that makes sense, as HTTPS is not a real “protocol”, but only the common name for HTTP with TLS “wrapped around it”, on the OSI level below it (6).

I'm not sure about the actual order of request processing (and don't know where to find it right now off the top of my head) – but maybe you could combine this with mod_rewrite to achieve what you want? A RewriteCond is able to check whether HTTPS is used by checking the variable HTTPS for the value on – and a RewriteRule following that condition could set an environment variable for you using the [E] flag – something like this: 

RewriteCond %{HTTPS} ^on$
RewriteRule . - [E=IS_HTTPS]

This will set the environment variable IS_HTTPS with an empty value, but that should be enough to check it with Allow from env=IS_HTTPS .

Mind giving this a try? As I said, I'm not sure if this will work because of processing order – but tryin' cost nuffin, right?

solution2
 0  2014-03-25 20:08:10

You can try: 

SetEnvIf Request_Protocol ^HTTPS.* IS_HTTPS

AuthType shibboleth
AuthName "Login"
ShibRequireSession on
require user abcd
Satisfy    any
Order      deny,allow
Deny from  all
Allow from env=IS_HTTPS

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Htaccess redirect https to another https .htaccess HTTPS redirect with exceptions apache .htaccess not redirecting to https in subfolder .htaccess force https but exclude a subdomain htaccess redirect for http but exclude https .htaccess redirect to https with conditions page Force HTTPS on .htaccess but only on production htaccess force https for certain directories .htaccess to redirect certain areas to https Redirect one url to https - .htaccess
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM