stackoom
  简体   繁体   中英

How to prompt only once with .htaccess for http and https?

 原文  2011-08-14 17:08:54       apache/ .htaccess/ https/ prompt

Question

I'm using .htaccess to protect a website at http://www.domain.com . Secure pages redirect to https://www.domain.com , and get the apache login prompt again.

How can we have only 1 apache login prompt for both http and https?

Thank you very much.

1 answers

solution1
 4 ACCPTED  2011-08-14 17:18:39

You can't. As far as the browser is concerned, http: and https: are two different websites, and you won't get it to tell the https: site which password the user entered for the http: site. Doing so would be a serious security bug in general, and the HTTP authentication protocol is not advanced enough to allow the http: server to tell the browser, "it is OK to repeat this password for such-and-such site". (And why would you trust a security exception given to you by a mere http: site anyway?)

Why don't you just do everything over https?

Or, put differently, why do you do anything that requires authentication over plain HTTP? That's not very secure. And if you have something on the https site that deserves https security, an attacker could just sniff the passwords from the insecure http connections.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question htaccess - redirect only sub domain http to https Applying IP rules to HTTP only (and not HTTPS) with .htaccess How to redirect http:// http://www and https://www to https:// using .htaccess .htaccess http to https with files .htaccess HTTPS to HTTP Not working .htaccess redirect http to https Different htaccess in http or https htaccess from https to http .htaccess not redirecting http to https Issues with HTTPS to HTTP htaccess
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM