Hello, I want to redirect all pages which have a .htaccess restriction to SSL before the user is prompted for authentication: This is a common problem, as described here:
http://blog.jozjan.net/2008/02/htaccess-redirect-to-ssl-https-before.html Redirect in htaccess works fine on it's own, and authentication in htaccess works fine on it's own. However when you combine them, what happens is, the authentication directives trump the Rewrite directives, and the redirect only happens after they have been authenticated. An example being: SSLOptions +StrictRequire SSLRequireSSL ErrorDocument 403 https://myserver.com/ AuthName "Please log in" require valid-user order allow,deny satisfy any This leads to a double log in issue. Once over HTTP and then again over HTTPS. What I would like to do, is separate out the directives that need to apply on HTTP connections, with those that need to apply over HTTPS (SSL) connections. In Apache1.x it appears you could do this in one htaccess file: <IfModule !mod_ssl.c> SSLOptions +StrictRequire SSLRequireSSL ErrorDocument 403 https://myserver.com/ </IfModule> <IfModule mod_ssl.c> AuthName "Please log in" require valid-user order allow,deny satisfy any </IfModule> But I can't get it to work in Apache 2.2.x Has anyone got any recommendations on applying different directives depending on whether it's port 80 or port 443 ? Thanks Paul -- Paul Reilly Systems Group IS Services Trinity College Dublin e: paul.rei...@tcd.ie p: +353-1-896-2152
