Apache: Forcing SSL and Authentication

Stuart Jansen sjansen at buscaluz.org
Tue Feb 13 16:23:40 MST 2007

On Tue, 2007-02-13 at 15:59 -0700, Topher Fischer wrote:
> AuthName "FOO"
> AuthType Basic
> AuthUserFile /PATH_TO_DIR/.htpasswd
> order deny,allow
> Require valid-user
> RewriteEngine On
> RewriteCond %{HTTPS} !^on$
> RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]


Alternatively, if you're sure you want to use mod_rewrite, I suggest
making it a permanent redirect. [L,R=301]

Make sure you've set the appropriate AllowOverride in your httpd.conf.

Stuart Jansen              e-mail/jabber: sjansen at buscaluz.org
                           google talk:   stuart.jansen at gmail.com

"However beautiful the strategy, you should occasionally look at 
the results." -- Winston Churchill
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://plug.org/pipermail/plug/attachments/20070213/0837a5ed/attachment.bin 

More information about the PLUG mailing list