Apache: Forcing SSL and Authentication

Topher Fischer javert42 at cs.byu.edu
Tue Feb 13 15:59:15 MST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm trying to configure a webserver to redirect clients to use only
secure http when trying to access a certain directory.  I also want them
to authenticate using AuthType Basic.  In a perfect world, I'd be able
to do all this with a simple .htaccess file in the directory that I want
to protect.  The closet I've been able to come produces the following
results:

I connect to the normal http server, it then prompts me to enter in a
username and password.  After I authenticate myself over http, it
connects to the https server and prompts me to authenticate myself once
again.

I'm hopeful that this can be fixed.  Any ideas?

My current .htaccess file:

AuthName "FOO"
AuthType Basic
AuthUserFile /PATH_TO_DIR/.htpasswd
order deny,allow
Require valid-user

RewriteEngine On
RewriteCond %{HTTPS} !^on$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]


- --
Topher Fischer
GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19  EFF5 2FC3 BE99 D123 6674
javert42 at cs.byu.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFF0kLDL8O+mdEjZnQRAiEEAJ40NjtESDlWNeuXlXS7n9umgyo9RwCcDDTV
MdgubpwOtx5hW65lmqCcr9w=
=j+3q
-----END PGP SIGNATURE-----



More information about the PLUG mailing list