force https with apache before .htpasswd

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by johnlai2004 on Server Fault See other posts from Server Fault or by johnlai2004
Published on 2010-05-28T14:14:27Z Indexed on 2010/05/28 14:22 UTC
Read the original article Hit count: 331

Filed under:
|
|

I have this in my .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.myweb.com/phpmyadmin$1 [R,L]

AuthUserFile /var/www/myweb/.htpasswd
AuthGroupFile /dev/null
AuthName "Sovereign Databases"
AuthType Basic

<Limit GET>
require valid-user
</Limit>

But everytime I go to http://www.myweb.com/phpmyadmin, the .htpasswd prompts me for a credentials BEFORE i'm redirected to https://www.myweb.com/phpmyadmin. After I type in my username and password, I get redirected to https://www.myweb.com/phpmyadmin. The problem is that I don't want anyone to submit their username and password unencrypted via http.

How do I force people to login via the https version even if they typed in the http version?

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about ssl

Related posts about .htaccess

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle