我想在authentication之后从httpsredirect到http ,所以凭证通过一个安全通道,但其他所有内容都以纯文本forms传输。
这里是conf文件的相关部分:
## Auth # https://redmine.lighttpd.net/projects/1/wiki/docs_modauth # type of backend # plain, htpasswd, ldap or htdigest auth.backend = "htpasswd" # for htpasswd auth.backend.htpasswd.userfile = "/etc/apache2/auth.htpwd" auth.require = ( "" => ( "method" => "basic", "realm" => "Authorization required", "require" => "valid-user" ) ) ## Simple SSL # https://redmine.lighttpd.net/projects/1/wiki/HowToSimpleSSL $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/lighttpd/certs/lighttpd.pem" } ## Redirect from https to http # https://redmine.lighttpd.net/projects/1/wiki/HowToRedirectHttpToHttps # https://redmine.lighttpd.net/boards/2/topics/3988 $HTTP["scheme"] == "https" { $HTTP["host"] =~ "([^:/]+)" { url.redirect = ( "^/(.*)" => "http://%1:1234/$1" ) } } 到目前为止,redirect在authentication之前被执行。
有任何想法吗?
Linux 4.1.19上的lighttpd 1.4.35
我回答自己。
我的问题没有意义。 HTTP是一种无状态的协议,所以即使我可以通过SSL身份validation,然后跳转到HTTP ,在随后的HTTP请求中,凭据将始终以纯HTTPforms发送。