[mythtv] securing mythweb - automatic redirection to https / streams without authentication

Gregor Glashüttner gregor at glashuettner.com
Thu Oct 23 20:57:30 UTC 2008


I´m running mythweb under gentoo. The default configuration (which is
included in /etc/apache2/modules.d/) comes with some handy
commented-out options to secure the pages with a password (throug a
"<Directory>" Directive). My site is SSL-enabled and in
mythweb->Settings->Streaming i can "Force Streams to http" to go back
to http.

What i would like to do is redirect anything that´s not under
$WEBSITE/mythweb/pl/stream/ to https automatically, to prevent
passwords being sent over the net unencrypted if anybody forgets the
"s" in the URL (https://). I found some directions on the net which
somehow don´t work for me :-( Tried a lot and failed as often. If
anybody could help me with the right regex´s, that would be great. It
should be something like:
RewriteCondition %{HTTPS} = off
RewriteRule "anything not under /pl/stream/" https://website/samelocation

Furthermore i need a directive to allow unauthenticated access to
anything under /pl/stream/. Otherwise the passwords would be requested
again - now on port 80 so unencrypted. Maybe something inside a
<MatchLocation .*/pl/stream/> directive? But what?

Including this into the standard config would make it very easy for
everybody to have a functional but secure mythweb installation.
Any help is very much appreciated

Best regards

More information about the mythtv-dev mailing list