1

I am a beginner when it comes to servers and I have a problem similar to this one. When accessing the desired webpage, .htpasswd prompts me for an authentication before I am redirected to https.

Is there any workaround solely by editing the .htaccess file? I have no permission to change the vhost conf file.

The relevant lines in my .htaccess file until now look like this:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]


AuthType Basic
AuthName "members only"
AuthUserFile /var/www/myweb/.htpasswd
Require valid-user
aldorado
  • 113
  • 3

2 Answers

1

There is an SSLRequireSSL directive which might work for you here - http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrequiressl

Edd
  • 386
  • 2
  • 8
0

RequireSSL has the downside that if someone connects to just "http://" they get an access denied.

A more user-friendly solution is to have two VirtualHost entries (one for HTTP, one for HTTPS) and have the first one do a redirect. For example:

<VirtualHost *:80>
    ServerName www.yoursite.com
    ServerAlias yoursite.com

    Redirect permanent / https://www.yoursite.com/
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on

    AuthType Basic
    AuthName "members only"
    AuthUserFile /var/www/myweb/.htpasswd
    Require valid-user
    ....
</VirtualHost>

In your case, this also means they'll get redirected to the SSL site before being prompted for a password.

gregmac
  • 1,459
  • 3
  • 18
  • 27
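
A way to verify the ordering discussed in this thread, added here as an example and not part of the original posts: it classifies the first response a server gives to a plain-HTTP request for the protected URL, so a Basic-auth challenge issued before the HTTPS redirect shows up as a failure. The names `classify` and `probe` and the sample responses are constructed for illustration.

```python
import http.client
from urllib.parse import urlsplit

# Constructed sample first responses (status, headers); not captured from a real server.
SAMPLES = {
    "question's .htaccess": (401, [("WWW-Authenticate", 'Basic realm="members only"')]),
    "two-VirtualHost layout": (301, [("Location", "https://www.yoursite.com/")]),
    "SSLRequireSSL only": (403, []),
}

def classify(status, headers):
    """Classify the first response to a plain-HTTP request for a protected URL."""
    h = {name.lower(): value for name, value in headers}
    if status == 401 or "www-authenticate" in h:
        return "auth-over-http"        # browser would send the password in cleartext
    if status in (301, 302, 303, 307, 308):
        if h.get("location", "").lower().startswith("https://"):
            return "redirect-first"    # desired: redirect happens before any prompt
        return "redirect-not-https"
    if status == 403:
        return "denied"                # no leak, but the visitor is not redirected
    if 200 <= status < 300:
        return "served-over-http"      # content delivered without TLS
    return "other"

def probe(url, timeout=5):
    """Send one GET without credentials and without following redirects."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("probe expects a plain http:// URL")
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.getheaders())
    finally:
        conn.close()

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(f"{name}: {classify(status, headers)}")
```

Run `probe("http://<your-host>/<protected-path>")` against your own site after each configuration change; only `redirect-first` means the password prompt can no longer appear on the unencrypted connection.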