Apache is listening on port 80 and redirecting everything to https, which is handled by stunnel. If I put in authentication in it redirects before it does the authentication. Is there a way to handle this?

Listen 80
<VirtualHost *:80>
    RewriteEngine   On
    RewriteRule     ^(.*)   https://%{HTTP_HOST}$1

   <Directory /*>
      AuthType Basic
      AuthName "Stooges Web Site: Login with email address"
      AuthLDAPURL ldap://localhost:389/o=stooges?mail
      require valid-user

update: I use stunnel instead of apache, because apache can't handle websockets with ssl and stunnel can.

  • So ... why stunnel? If the clients continue talking HTTP(S), why not use Apache for the HTTPS site as well? That's what mod-ssl is for and it's available in every major or minor distribution. This way you can do your authentication in the HTTPS site, which is a better idea anyway, since no passwords will be sent in clear-text. – daff Sep 27 '12 at 09:59
  • Thanks for your reply. I'm using stunnel because apache can't deal with the websockets protocol, and stunnel can – Arjen Dijkstra Sep 27 '12 at 10:36

1 Answers1


The authentication would only happen when someone accesses the start page of the HTTP server, but since you've started by redirecting everybody away from the HTTP site onto the HTTPS site, you'll never reach that directory.

The best thing would be to put the authentication in the configuration for the HTTPS site instead, but if you can't do that, I think you should be able to make it work with a RewriteCond. I've not actually tried this myself, but here's an example to get you going:

Listen 80
<VirtualHost *:80>
    RewriteEngine   On
    RewriteCond     %{AUTH_TYPE} Basic
    RewriteRule     ^(.*)   https://%{HTTP_HOST}$1

   <Directory /*>
      AuthType Basic
      AuthName "Stooges Web Site: Login with email address"
      AuthLDAPURL ldap://localhost:389/o=stooges?mail
      require valid-user

Possibly it would be a lot easier to just have an index.html containing a redirect to the HTTPS host...

Jenny D
  • 27,358
  • 21
  • 74
  • 110
  • Thanks, but I don't have any configuration for https in apache because we use websockets over https for which we need stunnel. I forgot to put that in my initial question. – Arjen Dijkstra Sep 27 '12 at 10:39
  • You can't use apache's authentication for a site that you're not using apache for. – Jenny D Sep 27 '12 at 10:50
  • I was hoping to authenticate first and then redirecting... – Arjen Dijkstra Sep 27 '12 at 10:53
  • You might try to use a `RewriteCond` making the Rewrite only happen if the client is authenticated. I'll edit my answer with some more info on that. – Jenny D Sep 27 '12 at 11:05