htaccess authentification on SSL
Matt Graham
mhgraham at crow202.org
Mon Jan 13 19:17:39 MST 2014
On 2014-01-13 18:29, keith smith wrote:
> RewriteEngine On
> RewriteCond %{SERVER_PORT} 80
> RewriteCond %{REQUEST_URI} folder
> RewriteRule ^(.*)$ https://www.domain.tld/folder/$1 [R,L]
>
> AuthUserFile /path/to/password/file/.htpasswd_file
> AuthType Basic
> AuthName "Log in Please"
> require user username
>
> It allows me to authenticate, however sometimes it is HTTP and other
> times it is HTTPS.
Is this in a vhost? I would think you'd be better off putting all of
this into a <Directory> in a config file, not a .htwhatever file if you
can swing that. Anyway, the following worked a tiny bit bit better for
me than the things you had:
# NOTE: You'll have to alter the paths for your setup
<Directory /var/www/localhost/htdocs/folder>
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://crow202.org/folder/$1 [R=301,L]
AuthUserFile /var/www/localhost/htdocs/folder/.htpassword
AuthType Basic
AuthName "Log in Please"
Require user testuser
</Directory>
# end config file fragment
...you can see what this does if you go to http://crow202.org/folder/
(username testuser , password testpass). It might have flaws or
problems that I don't know about, since I have no idea about the rest of
your apache setup. AFAICT, though, it gets rid of the "I have to log in
via HTTP-Auth Basic twice, once over 80, once over 443" problem.
--
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.
More information about the PLUG-discuss
mailing list