Best way to protect ECP endpoints

Cantor, Scott cantor.2 at
Tue Mar 27 17:16:59 EDT 2018

On 3/27/18, 5:14 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> Alright, I feel quite stupid! I never tried just commenting out the Apache Location block for the ECP endpoint and hitting > it to see what happens. Works like a charm: prompts for authentication,

It won't prompt, that is an inherent limitation of this approach. It will consume a Basic-Auth header (or in theory any HTTP authentication) but it won't challenge for one. I couldn't come up with a way to do it within the webflow.

-- Scott

More information about the users mailing list