I have an Apache 2.0 web server setup as an Intranet for my company. I have a </Directory> container that is setup to authenticate to an Active Directory farm. The I&A works just fine.
However, It is easy to bypass the authentication by just adding one of the directories that is in /var/www/html with a trailing /. For example, in my browser if I enter:
I am forced to authenticate.
However, if I enter:
I bypass authentication.
I need to have my users perform I&A once, then carry their I&A credentials throughout their browsing session. I am guessing this would require cookies of some sort that contain the I&A information.
If cookies are the solution, then I could use some help setting up Apache to issue cookies for each login. I would then like people to be able to surf the other directories without having to re-authenticate every time they click another link.
Any links, advice, instructions, man pages, would be helpful. I am a novice when it comes to setting up Apache in this way.