Apache: redirect to https before AUTH for server-status
- by Putnik
I want to force https and basic auth for server-status output (mod_status).
If I enable auth and user asks for http://site/server-status apache first asks for pass, then redirects to httpS, then asks for pass again.
This question is similar to
Apache - Redirect to https before AUTH
and
force https with apache before .htpasswd
but I cannot get it work because we are speaking not about generic folder but Location structure.
My config (shortly) is as follows:
<Location /server-status>
SSLRequireSSL
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /server-status
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_PORT} 80
RewriteRule ^ - [E=nossl]
RewriteRule (.*) https://site/server-status} [R=301,L]
</IfModule>
SetHandler server-status
Order deny,allow
Deny from all
Allow from localhost ip6-localhost
Allow from 1.2.3.0/24
Allow from env=nossl
AuthUserFile /etc/httpd/status-htpasswd
AuthName "Password protected"
AuthType Basic
Require valid-user
Satisfy any
</Location>
I assume Allow from env=nossl should allow everyone with RewriteCond %{HTTPS} off and server port 80, then force it to redirect but it does not work.
Please note, I do not want force to SSL the whole site but /server-status only. If it matters the server has several sites.
What am I doing wrong? Thank you.