Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Apache .htaccess redirect to HTTPS before asking for user authentication

This is my .htaccess:

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}  AuthUserFile /etc/hi AuthName "hi" AuthType Basic require valid-user 

It asks for user authentication using http, meaning that password will be sent in plain text. It will than redirect to the https version and ask the password again.

How can i fix it?

like image 702
cedivad Avatar asked Apr 22 '12 10:04

cedivad


1 Answers

If you're running Apache 2.4 you can use configuration sections to solve this quite easily.

Eg...

# Redirect to HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]  # Authenticate users only when using HTTPS # Enable for <v2.4  # SSLRequireSSL  # ErrorDocument 403 /secure-folder/ # Enable for >v2.4 <If "%{HTTPS} == 'on'">     AuthType Basic     AuthName "Special things"     AuthUserFile /etc/blah.htpasswd     # Prevent this 'Require' directive from overriding any merged previously    <IfVersion >= 2.4>       AuthMerging And    </IfVersion>     Require valid-user # Enable for >v2.4 </If> 
like image 97
Molomby Avatar answered Oct 09 '22 20:10

Molomby