Apache: Forcing SSL and Authentication

Jonathan Duncan jonathan at bluesunhosting.com
Thu Feb 15 12:21:16 MST 2007


On Tue, 13 Feb 2007, Topher Fischer wrote:

> I'm trying to configure a webserver to redirect clients to use only
> secure http when trying to access a certain directory.  I also want them
> to authenticate using AuthType Basic.  In a perfect world, I'd be able
> to do all this with a simple .htaccess file in the directory that I want
> to protect.  The closet I've been able to come produces the following
> results:
>
> I connect to the normal http server, it then prompts me to enter in a
> username and password.  After I authenticate myself over http, it
> connects to the https server and prompts me to authenticate myself once
> again.
>
>

Are you sure your authentication is not secure?  The authentication may be 
coming from the secure part and it may just look like it is coming from 
the unsecure part.  It could be that since you have a rewrite on the url 
that it does it so fast that it actually looks like it is coming from the 
initial url.

Jonathan



More information about the PLUG mailing list