Apache: Forcing SSL and Authentication

Topher Fischer javert42 at cs.byu.edu
Tue Feb 13 16:13:48 MST 2007

Hash: SHA1

Michael Torrie wrote:
> On Tue, 2007-02-13 at 15:59 -0700, Topher Fischer wrote:
> I'm trying to configure a webserver to redirect clients to use only
> secure http when trying to access a certain directory.  I also want them
> to authenticate using AuthType Basic.  In a perfect world, I'd be able
> to do all this with a simple .htaccess file in the directory that I want
> to protect.  The closet I've been able to come produces the following
> results:
> I connect to the normal http server, it then prompts me to enter in a
> username and password.  After I authenticate myself over http, it
> connects to the https server and prompts me to authenticate myself once
> again.
> I'm hopeful that this can be fixed.  Any ideas?
>> Maybe don't use an .htaccess.  Rather, create a <Directory> entry in the
>> apache conf file under the correct, non-ssl vhost that does a redirect
>> to the same url under the https url.  Then under the ssl vhost, add a
>> <Directory> entry there that contains all the contents of the .htaccess
>> file.  Now you'll be able to hit the unsecured url, be 302'd to the
>> secure one, which will require a login.
>> Michael

I'm not using a vhost.  I'm just running the page at
http://machine/dir/.  Can I make the necessary changes just within a
block like this:
<Directory /dir/>
	rewrite rules

I've played around with different settings, but nothing works yet.

As far as I know, vhosts work with different host names, so I couldn't
use a vhost configuration with this setup.  Is that correct?

- --
Topher Fischer
GnuPG Fingerprint: 3597 1B8D C7A5 C5AF 2E19  EFF5 2FC3 BE99 D123 6674
javert42 at cs.byu.edu
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org


More information about the PLUG mailing list