1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 5:07 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Double Authentication

         

chief stains

3:18 pm on Oct 11, 2005 (gmt 0)

10+ Year Member



I have a secure directory on the server which requires users to be authenticated before using it. The .htaccess file rewrites the URL if it's coming from port 80 to 443, however after the rewrite the user is prompted for username/password again...

The htaccess looks like this... 


RewriteEngine On
RewriteCond %{SERVER_PORT}!^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R]


AuthName "****"
AuthType Basic
AuthUserFile /etc/apache2/conf/***
require valid-user

Any ideas how to stop it from asking to authenticate twice?

jdMorgan

7:34 pm on Oct 11, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The problem is that as far as mod_auth is concerned, the port 80 and port 443 servers constitute separate and distinct suthorization domains. So, authorization is requested and accepted, the mod_rewrite code redirects to a new authorization doamin, and so authorization is requested again.

Practically speaking, the cause of this problem is that mod_auth runs before mod_rewrite.

If you have access to httpd.conf, try putting the rewrite only in the configuration code for port 80, and the authorization code only in the section for the secure server.

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 5:07 am May 2, 2026