Apache: Forcing SSL and Authentication

Michael Torrie torriem at chem.byu.edu
Tue Feb 13 16:03:44 MST 2007


On Tue, 2007-02-13 at 15:59 -0700, Topher Fischer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I'm trying to configure a webserver to redirect clients to use only
> secure http when trying to access a certain directory.  I also want them
> to authenticate using AuthType Basic.  In a perfect world, I'd be able
> to do all this with a simple .htaccess file in the directory that I want
> to protect.  The closet I've been able to come produces the following
> results:
> 
> I connect to the normal http server, it then prompts me to enter in a
> username and password.  After I authenticate myself over http, it
> connects to the https server and prompts me to authenticate myself once
> again.
> 
> I'm hopeful that this can be fixed.  Any ideas?

Maybe don't use an .htaccess.  Rather, create a <Directory> entry in the
apache conf file under the correct, non-ssl vhost that does a redirect
to the same url under the https url.  Then under the ssl vhost, add a
<Directory> entry there that contains all the contents of the .htaccess
file.  Now you'll be able to hit the unsecured url, be 302'd to the
secure one, which will require a login.

Michael


> 
> My current .htaccess file:
> 
> AuthName "FOO"
> AuthType Basic
> AuthUserFile /PATH_TO_DIR/.htpasswd
> order deny,allow
> Require valid-user
> 
> RewriteEngine On
> RewriteCond %{HTTPS} !^on$
> RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
> 
> 
> - --
> Topher Fischer
> GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19  EFF5 2FC3 BE99 D123 6674
> javert42 at cs.byu.edu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
> 
> iD8DBQFF0kLDL8O+mdEjZnQRAiEEAJ40NjtESDlWNeuXlXS7n9umgyo9RwCcDDTV
> MdgubpwOtx5hW65lmqCcr9w=
> =j+3q
> -----END PGP SIGNATURE-----
> 
> /*
> PLUG: http://plug.org, #utah on irc.freenode.net
> Unsubscribe: http://plug.org/mailman/options/plug
> Don't fear the penguin.
> */
> 




More information about the PLUG mailing list