I think others have asked this question as well, but I would like a portion
of my secure site to be blocked to access unless a name and password is
entered. I have create a valid .htaccess file, pointing at a valid .htpasswd
file, and it works provided that part of the site is accessed through an
http: connection -- it correctly query's for the name and password before
showing the page. However, when accessed through a https: connection, no
such query pops up - the script is run and the page shows as if there were
no .htaccess file at all.
I have tried putting the directives directly into the httpd.conf file, but
the result is the same either way I do it - the .htaccess file only seems to
work if the connection to the page is made through an unsecure connection. I
would like the sessions to this page (an admin page to be used by authorized
users off-site) to require authorization and be through an SSL session. The
chances of anyone guessing the directory/script name is low, but still....
Any ideas?
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
