It sounds like you just need to configure the secure domain properly. Perhaps
you have done this for the non-secure section but not fir the secure section.
I suspect that you simply need to allow overrides for the directory you want to
protect.
There should not be an issue with .htaccess files and ssl, but you need to
configure as per standard apache.
<Directory />
AllowOverride All
</Directory>
James Hastings-Trew wrote:
> I think others have asked this question as well, but I would like a portion
> of my secure site to be blocked to access unless a name and password is
> entered. I have create a valid .htaccess file, pointing at a valid .htpasswd
> file, and it works provided that part of the site is accessed through an
> http: connection -- it correctly query's for the name and password before
> showing the page. However, when accessed through a https: connection, no
> such query pops up - the script is run and the page shows as if there were
> no .htaccess file at all.
>
> I have tried putting the directives directly into the httpd.conf file, but
> the result is the same either way I do it - the .htaccess file only seems to
> work if the connection to the page is made through an unsecure connection. I
> would like the sessions to this page (an admin page to be used by authorized
> users off-site) to require authorization and be through an SSL session. The
> chances of anyone guessing the directory/script name is low, but still....
>
> Any ideas?
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
