If anyone has any direction regarding this I'd really appreciate it.

After having done some further digging around I've combined the code into one .htaccess file within the "client" directory that I'm trying to protect with SSL and htpasswd.

The code so far is:

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "sub.domain.com”
AuthUserFile /home/.htpasswd
AuthName "Login"
AuthType basic
require user client
ErrorDocument 403 [sub.domain.com...]

Currently I'm just getting a 500 Internal Server Error but I can't see why the code wouldn't work.

The only thing I can think of is that I may not have the mod_ssl module installed, so I'm just in the process of confirming that with my host.

I'll post my results when I finally get it working.

If anyone in the meantime can spot any blatant errors in the code please let me know.

Your server error log should make the cause of the 500-Server Error either very clear or at least fairly clear... Sorry I can't contribute much more than that...

Jim

Also, do be aware that if an ErrorDocument Directive specifies a canonical URL (as yours does) instead of a local filepath, then the server status code returned for that error will always be 302-Found -- as documented in the Apache ErrorDocument directive documentation.

Jim

Thanks for the input Jim!

As for the logs, I think thats another question for my host, I've had a look around and I only seem to have access to the access logs NOT the error logs.

This doesn't really surprise me, I don't even have access to the main httpd.conf file so hey! ;)

I wouldn't care but it's not like they're a cheap 2-bit host either.

My host eventually got back to me. After conflicting reports from two different support technicians they've decided that mod_ssl is "apparently" installed on my server - however after checking the logs I found the following error:

"Invalid command 'SSLOptions', perhaps mis-spelled or defined by a module not included in the server configuration"

I've looked over the code again as still can't see any problems.

Is there a way in which I can establish myself which modules are installed? something like a phpinfo file? as I have my doubts where they really know themselves whether mod_ssl is available!

If not can anyone think of any other ways to troubleshoot this or directions to research?

Thanks again.

Oh and just as a refresher this code is in an .htaccess file.

There's a way to get a "loaded module dump" but I believe it requires server command line access.

An easy test is to include a single simple directive from each module you want to presence-test -- A directive that won't mess up anything. For example, using URLs that don't exist, and so won't actually invoke the directive, but rather, just let the module parser 'look' at it to see if it recognizes the directive.

You can comment-out the others by preceding them with a "#" character if you don't want to actually remove them.

Jim

Thanks Jim, good idea.

I've tried a different mod_ssl directive with a passive outcome and I get the same "Invalid command ... perhaps mis-spelled or defined by a module not included in the server configuration" error.

For me this has to suggest that the mod_ssl module isn't installed.

I've just had to write an arsey email to the hosting company - it's taken them five days and they still can't establish whether its installed or not.

I think a new host could be on the horizon! :)