[Tfug] trying to force htaccess basic auth to secured server

[keith smith]

Hi,

I'm stuck with an htaccess basic auth problem.  I need to force the auth to the secured server and it works intermittent at best - sometime It goes to HTTPS and other times it goes to HTTP.  And Chrome always goes to HTTP.  FireFox is intermittent. 


I've tried lots of combinations.  I've even tried to force the entire site to HTTPS which works, however the htaccess auth comes does not always come from the secured server.


I added the following lines to the htaccess in the doc root directory:

RewriteEngine On 
RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


The htaccess auth is in a sub-directory.  That htaccess file contains these lines:


AuthUserFile /home/user-name/public_html/sub-directory-name/.htpassword-file-name
AuthType Basic
AuthName "-- Log in Please --"
require user user that is found in the htpassword-file

I've tried to add this code to the vhost and it does not work at all.... I followed the directions on the Apache website and still it does not work.


I scoured the web and found a number of variations which none work all the time.

Any help is much appreciated!!

Keith
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tfug.org/pipermail/tfug_tfug.org/attachments/20140115/ed8dd99a/attachment.html>