3

I've been given a setup in which Apache runs on Windows, and we have two folders that need basic authentication with .htpasswd.

First, I tested that the authentication worked:

AuthUserFile E:/path-to/.htpasswd
AuthType Basic
AuthName "Secure area"
Require valid-user

This worked nicely, but of course did not send the credentials over SSL. I tried using a RewriteRule to send any requests without HTTPS over to HTTPS in either of those folders, and this requires the user to login twice - once over HTTP and once over HTTPS.

I found tons of people with this issue, and the solution most folks use is like this:

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire  %{HTTP_HOST} eq "www.domain.com"
AuthUserFile E:/path-to/.htpasswd
AuthName "Secure area"
AuthType basic
require valid-user
ErrorDocument 403 https://www.domain.com/secure-area

So I put this into an htaccess inside each of the two secure folders. This requires the user to login once, over HTTPS, as it should, but of course it does not send them to the file they have requested. Rather, it sends them to the root of the folder.

We often direct users to specific files inside these directories, and I just can't find anything that will authenticate them with basic auth over HTTPS when trying to do this. Is this possible on Apache?

Thanks, Jonathan

Jonathan Stegall
  • 530
  • 1
  • 6
  • 23

1 Answers1

-2

If its for a particular file, you could wrap it in 








<files *.php>
  
</files>







</pre></code>

or whatever, see if that makes a difference, as it'll be authenticating for a requested file rather than the directory that file is in?

Harry
  • 1