0

I am currently using htaccess to force all http requests on my apache2 server go to https. https is setup and working properly. The htaccess rewrite is working if i use just the base domain name (ex: http://mydomain.com ), however if i do something like http://mydomain.com/index.php i get a 401 error saying i am not authorized. I should mention my htaccess also restricts all content to authorized users with a htpasswd file.

Without using the rewrite for http -> https, both http and https work properly using any url long as the person is logged in. If they are not it will ask them to log in. When i put the rewrite back in it does not ask to user to log in, and simply shows a 401 error page.

this is my htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
AuthName "Enter Account Info... Or your computer will blow up!!!"
AuthType Basic 
AuthUserFile /<censored>/.htpasswd 
AuthGroupFile /dev/null 
require user <censored>

Without those rewrite lines, everything works fine. a request to either http or https will function normally, but using rewrite for anything other then the base domain seems to break somewhere.

i have tried various rewrite rules i have found around the web, all give same results, working fine for base url, not for direct page links.

MirtheN
  • 13
  • 4
  • For the moment i have altered the htaccess and removed the rewrite rule, and instead placed it in a few key locations in my php code using.. `if($_SERVER["HTTPS"] != "on")` .... this way seems to work for any url i use on the site, both http and https. it does force a double login if i use http initially, but this is acceptable for the moment. – MirtheN Jun 12 '13 at 18:02

1 Answers1

0

I had similar problem, this is what worked for me.

In your httpd.conf, under virtual hosts, make sure you have both:

ServerName domain.com

ServerAlias www.domain.com

BOTH in VirtualHost *:80 AND VirtualHost *:443

Yoni Hassin
  • 584
  • 1
  • 5
  • 17