This is my .htaccess:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    AuthUserFile /etc/hi
    AuthName "hi"
    AuthType Basic
    require valid-user
It asks for user authentication using HTTP, meaning that the password will be sent in plain text. It will then redirect to the HTTPS version and ask for the password again.
How can I fix it?
If you're running Apache 2.4 you can use configuration sections to solve this quite easily.
Eg...
    # Redirect to HTTPS
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

    # Authenticate users only when using HTTPS
    # Enable for <v2.4
    # SSLRequireSSL
    # ErrorDocument 403 /secure-folder/
    # Enable for >v2.4
    <If "%{HTTPS} == 'on'">
        AuthType Basic
        AuthName "Special things"
        AuthUserFile /etc/blah.htpasswd
        # Prevent this 'Require' directive from overriding any merged previously
        <IfVersion >= 2.4>
            AuthMerging And
        </IfVersion>
        Require valid-user
    # Enable for >v2.4
    </If>
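To confirm the fix took effect, check what the server returns to an unauthenticated request over plain HTTP: a redirect to `https://` is correct, while a `401` with a Basic challenge means browsers will still send credentials in cleartext. The following check is an added example, not part of the original answer; the sample responses and the `example.com` host are constructed, and `probe()` is a hypothetical helper that sends one HEAD request to a server you administer.

```python
import http.client

REDIRECTS = (301, 302, 303, 307, 308)

def parse_head(raw):
    """Parse the status code and headers from a raw HTTP response head."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(status, headers):
    """Classify the answer to an unauthenticated request made over plain HTTP."""
    challenge = headers.get("www-authenticate", "").lower()
    location = headers.get("location", "").lower()
    if status == 401 and challenge.startswith("basic"):
        return "LEAK"    # client would reply with base64 credentials over HTTP
    if status in REDIRECTS and location.startswith("https://"):
        return "OK"      # redirected to HTTPS before any auth challenge
    return "REVIEW"      # anything else needs a manual look

def probe(host, path="/", port=80, timeout=5):
    """Live check: one HEAD request over plain HTTP, redirects not followed."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return classify(resp.status, {k.lower(): v for k, v in resp.getheaders()})
    finally:
        conn.close()

# Constructed sample responses: the question's config, then the answer's config.
BEFORE = 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="hi"\r\n\r\n'
AFTER = "HTTP/1.1 302 Found\r\nLocation: https://example.com/secure-folder/\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, classify(*parse_head(raw)))
```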