switch to ssl before to htpassword

Forum Moderators: phranque

Message Too Old, No Replies

switch to ssl before to htpassword

how do i get it to ssl first?

ezyid

10:51 pm on Oct 14, 2005 (gmt 0)

hello all.
im trying to use htacess for my password protection.. sorry i cant get access to my http.cfg so im using basic authentication instead..

anyway..

im trying to switch my browser to https before it asks for the login infomation.
the code im using is:

DirectoryIndex login.php
RewriteEngine On
RewriteCond %{SERVER_PORT}!443
RewriteRule ^(.*)?$ [website.com...] [L,R]

<Limit GET POST>
order deny,allow
deny from all
allow from all
require valid-user
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

AuthName "Forbidden"
AuthType Basic
AuthUserFile /path/to/my/files/
Require valid-user

Thankyou.
Steve.

jdMorgan

11:09 pm on Oct 14, 2005 (gmt 0)

The order of module execution is determined by the config in httpd.conf. So, you're not going to be able to do this soley from .htaccess. The default config is usually set up to execute mod_auth first, before mod_rewrite.

A simple fix is to make sure that all links to the authentication directory use "https://example.com/logindir/login.html" instead of "http://example.com/login_dir/login.html". I'm referring to the directory used for the "login" page, not necessarily the directory where the password-protected stuff is stored. You could, for example, put the protected content below "logindir" and redirect non-https requests back to the login page if an "already-authorized" cookie is not sent with the request. There are many ways to do this, and this is just one, but it can work for .htaccess-privilege-only accounts.

Jim