I am trying to protect the ~/public_html/dev
directory using http auth basic, but to make that secure I want to run it over ssl.
The middle section of the below .htaccess
file switches to https if the request URI begins with /dev
and works.
The last section of the file works as well but does not work properly with the https redirect.
I basically want to be able to type http://www.mattpotts.com/dev/some_sub_dir/
and be redirected to https://www.mattpotts.com/dev/some_sub_dir/
and prompted for the http auth username and password.
What currently happens is if I go to http://www.mattpotts.com/dev/some_sub_dir/
I get prompted for a username and password over port 80, and then immediately get prompted again over port 443. So my credentials are being sent twice, once in the clear, and once encrypted. Making the whole https url rewrite a little pointless.
The reason for doing this is so that I won't be able to accidentally submit my user/pass over http; https will always be used to access the /dev
directory.
The .htaccess
is in the ~/public_html/dev
directory.
# Rewrite Rules for mattpotts.com RewriteEngine On RewriteBase / # force /dev over https RewriteCond %{HTTPS} !on RewriteCond %{REQUEST_URI} ^/dev RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} # do auth AuthType Basic AuthName "dev" AuthUserFile /home/firefli/public_html/dev/.htpasswd Require valid-user