Tutorial: Need to force http to https and then only force user to login using htaccess and apache


I know how to force http to https, and I know how to use htpasswd to force someone to login to the site. But I need a combination of this. Basically the site needs to be forced to https, and then the authentication needs to happen. Therefore there will be no http access to the site whatsoever.

Can anyone supply me with working htaccess code to do this please? I've seen this thread a couple of times, but it is not what I want.


.htaccess directives are processed sequentially, so you should be able to have the SSL redirect at the top and then later followed by your authentication requirements. So, the code might look something like this at the top:

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

Note the [L] will prevent it from going further in case the access was non-HTTPS. Then later on in the file you can have some variant of this:

    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /usr/local/apache/passwd/.htpasswd
    # Without a Require line the Auth* directives above are never enforced
    Require valid-user
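An added example, not part of the original answer: Apache runs authentication before per-directory rewrite rules, so a password prompt can still be served over plain HTTP unless the auth directives themselves are scoped to TLS requests. The .htaccess below does that with an `<If>` section. It assumes Apache 2.4 or later, mod_rewrite and mod_auth_basic loaded, an AllowOverride setting that permits these directives, and it reuses the password file path from the answer.

```apache
# Added example (assumes Apache 2.4+; not from the original answer).

# Step 1: send every plain-HTTP request to the same URL over HTTPS.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Step 2: require a login only when the request arrived over TLS.
# Plain-HTTP requests never match this section, so they get the redirect
# above instead of a 401 challenge, and the browser never sends the
# Basic credentials in cleartext.
<If "%{HTTPS} == 'on'">
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /usr/local/apache/passwd/.htpasswd
    Require valid-user
</If>
```

To check the result, request a page with `curl -I` over both schemes: the http:// response should be a 301 with no WWW-Authenticate header, and the https:// response should be a 401 that carries one.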

