tags:

views:

75

answers:

2
+1  Q: 

Combine URL rewriting (to force https) with http auth?

I have a domain, mattpotts.com and have set up a sub-domain dev.mattpotts.com for me to develop on and will then copy the files to the normal domain when they're ready to go.

My directory structure is as follows and dev.mattpotts.com points to dev/

+-public_html/
  +-project1/
  +-project2/
  +-project3/
  +-dev/
    +-project1
    +-project2
    +-project3

I basically want to be able to go from http://mattpotts.com/project1 to https://dev.mattpotts.com/project1 by adding dev..

I have the following .htaccess in dev/ and it works, all this needs to do is force https.

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} dev 
RewriteRule ^(.*)$ https://dev.mattpotts.com$1 [R,L]

I want to force https so that I can securely use http auth on the directory. However, when I combine it with the following rules, it doesn't work. I have my .htpasswd set up but I've not even had the login form show up yet.

AuthType Basic
AuthName "Dev Protected Area"
AuthUserFile .htpasswd
Require valid-user

How can I successfully combine the to set of .htaccess rules?

Edit, very strange things are happening!

https://dev.mattpotts.com/project1/ displays 'hello!' from non dev version of site (note https) http://dev.mattpotts.com/project1/ displays 'hello dev!' (as desired) from dev version. What's going on here?!

A: 

These issues should be independent of each other: do I understand correctly that the "force HTTPS" part works?

That said, AuthUserFile .htpasswd may be looking for .htpasswd in the wrong place. The easiest fix is to put the full path and name there, e.g. AuthUserFile /home/matt/www/public_html/dev/.htpasswd (or wherever you have the dev directory).

Piskvor  2010-01-27 13:26:00
I've set the .htpasswd path correctly now and it's working but I'm not sure how well! Can you please try http://dev.mattpotts.com/project1/ and http://mattpotts.com/dev/project1/ they should both be protected by auth but I don't think the former is.
Matt  2010-01-27 13:59:05
A: 

You've told us where your .htaccess file is, but you haven't told us where your .htpasswd file is. According to the Apache documentation on AuthUserFile:

Syntax: AuthUserFile file-path

File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

So in other words, it is looking for the .htpasswd in somewhere like /etc/apache2/.htpasswd. So either move your .htpasswd file there, or make your directive contain an absolute path to the file, e.g.:

AuthType     Basic
AuthName     "Dev Protected Area"
AuthUserFile /home/mattpots.com/public_html/dev/.htpasswd
Require      valid-user

However, for security reasons, I highly recommend keeping your .htpasswd file outside of your document root.

Jeremy Visser  2010-01-27 13:37:03

related questions

How can I use the URL to set the current culture in ASP.NET 2.0 Web App?
IIS7, RewritePath and IIS log files
IIS Log Files showing Rewritten rather than Original Url
Server.Transfer vs. Context.RewritePath
Simple Hackable URL implementation for ASP.NET (3.5)
Using Application_BeginRequest for url rewriting
ASP MVC Routing with > 1 parameter
websites urls without file extension?
Rewritepath and IIS Integrated Mode
ISAPI_Rewrite In IIS 7
Route www link to non-www link in .net mvc
Multi-lingual websites with ASP.NET MVC
IIS7: URL rewrite http://web1.com/web1/def.aspx to http://web1.com/def.aspx
How to create friendly url's in asp.net 2
Override getContextPath in an HttpServletRequest (for URL rewriting)
Apache modrewrite .htaccess question
How do I determine if an asp.net url has been "rewritten"?
Besides URL rewriting, what options are available for maintaining sessions without using cookies?
javascript window.open() and # symbol
Is there an IIS setting to get rid of extra '/' characters in a requested URL?
Can I use commas in a URL?
How do configure optional or "extraneous" URLs?
What is the best method to achieve dynamic URL Rewriting in ASP.Net?
ASP.NET UrlRewriting and Constructing Page Links
ASP.NET URL Rewriting