我想从 https 重定向到 http后身份验证,因此凭证通过安全通道,但其他所有内容都以明文形式传输。
这是 conf 文件的相关部分:
## Auth
# https://redmine.lighttpd.net/projects/1/wiki/docs_modauth
# type of backend
# plain, htpasswd, ldap or htdigest
auth.backend = "htpasswd"
# for htpasswd
auth.backend.htpasswd.userfile = "/etc/apache2/auth.htpwd"
auth.require = ( "" =>
(
"method" => "basic",
"realm" => "Authorization required",
"require" => "valid-user"
)
)
## Simple SSL
# https://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem"
}
## Redirect from https to http
# https://redmine.lighttpd.net/projects/1/wiki/HowToRedirectHttpToHttps
# https://redmine.lighttpd.net/boards/2/topics/3988
$HTTP["scheme"] == "https" {
$HTTP["host"] =~ "([^:/]+)" {
url.redirect = ( "^/(.*)" => "http://%1:1234/$1" )
}
}
至此重定向已执行前验证。
有任何想法吗?
Linux 4.1.19 上的 lighttpd 1.4.35
答案1
我自己回答。
我的问题毫无意义。HTTP
是无国籍者协议,所以即使我可以通过 进行身份验证然后SSL
跳转到,凭据也将始终在后续请求HTTP
中以纯文本形式发送。HTTP