httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <>
Subject Re: [users@httpd] %{HTTP:Authorization}
Date Wed, 12 Nov 2003 13:08:31 GMT
Michele Marcionelli wrote:
> What shall I do? I tryed the following rewiterule:
>   RewriteCond %{HTTP:Authorization} ^.+
>   RewriteRule ^(.*) https://%{HTTP_HOST}$1 [R,L]
> This does't work correctly. What happend is the following:
> 1. I'm asked to enter (on http) username and password
> 2. the RewriteCond matched the condition and switch to https
> 3. I'm asked again to enter username and password again (!!)

Of course it does. You need to redirect before asking for authentication. If
you protect the directory/location in the non-SSL host, you will get asked
for credentials before getting redirected.

I will assume that you have two virtual hosts: one non-SSL, and one SSL,
both sharing the same document root, and a particular directory tree
requires authentication. Something like this could work:

    <VirtualHost *:80>
        ServerName xxx
        DocumentRoot /path/to/docroot
        # Could possibly be a Location block instead
        <Directory /path/to/docroot/secret>
            # Could also be Redirect or RedirectMatch
            RewriteRule (.*) https://%{SERVER_NAME} [R,L]

        ServerName xxx
        DocumentRoot /path/to/docroot
        <Directory /path/to/docroot/secret>
            # Authentication stuff
            AuthType basic
            Require valid-user

Be sure to not have a .htaccess file in the directory.

If this doesn't work for you, you need to give much more details about your

Robert Andersson

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message