Re: Design question

[kevin mcgowan <clunis@xxxxxxxxx>]

No, it is not the case that all https pages must be authenticated.  All 
authenticated pages must be https, but that's not the same thing.

The CosignProtected (on/off) directive in conjunction with Location and 
Directory directives can be used to selectively protect and unprotect 
arbitrary portions of the https uri space.  So turning off cosign 
protection for a page called, for example, 'registration' might look 
like this:

    <Location /registration/>
        <IfModule mod_cosign.c>
            CosignProtected Off
        </IfModule>
    </Location>

or like this:

    <Directory /home/sitemaker/public_html/registration/>
        <IfModule mod_cosign.c>
            CosignProtected Off
        </IfModule>
    </Directory>

k

On Mar 18, 2004, at 7:31 PM, Jonathan Maybaum wrote:

> Cosign group,
> Is it correct that your implementation requires that all https pages 
> must be authenticated? If so, this presents a problem. We had a page 
> where people were able to register for a conference (including sending 
> credit card info). Since anyone is permitted to register, the page was 
> https, but did not require authentication. Now, apparently, the Cosign 
> filter will not allow us to have such a page. Is that right?
>
> --JM

                                      ... "In, as you say, the mud." ...




!DSPAM:405a4f26265491913923795!