Whenever we run a private server somewhere on the Internet, we need access control. Basic or digest auth was the way to go in the old days, but most of us use some form of cookie based authentication nowadays. That’s fairly easy with server side scripts, but what about static pages or reverse proxies? How can we make the apache server to provide cookie auth?
The principle idea of DOH holds a lot of promise if it is implemented in a respectful and cooperative way. The browser people are trying to bully us into their way of thinking. They disrespect our configurations, environments and settings and want to forward our sensitive data to some data center we have no relations with, we don’t know, have no contract, no service agreement and no way of contacting.