rupertrealbear Posted August 28, 2008 Share Posted August 28, 2008 Hi I set up some directives to require a password on a particular folder off my document root /public-html/hq in an .htaccess in that folder:- AuthName "Restricted Area" AuthType Basic AuthUserFile /home/charlie/.htpasswd AuthGroupFile /dev/null require valid-user . . . which worked ok with a .htpasswd in my server account root. I also needed to force ALL requests to my site to be changed on htpps:// requests, for which I had successfully added these directives to a .htaccess in my /public-html folder:- . . . RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} When both these directives are in effect, I find that requests to a script in /public-html/hq generally gets redirected to a non-existent error document /401.shtml and the visitor is left with a "File not Found". I moved the 'force SSL' directives into the .htaccess in /public-html/hq:- RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} AuthName "Restricted Area" AuthType Basic AuthUserFile /home/charlie/.htpasswd AuthGroupFile /dev/null require valid-user . . . which gets me in but asks or the password TWICE (before and after changnig the request into a https:// one). I suppose I could bare subjecting the user to having to enter their password again - but isn't there some subtle workaround ? Any suggestions much appreciated Rupertrealbear Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.