Score:0

Apache only when HTTPS

us flag

I'd like to use Basic Auth only when HTTPS is used. Having a .htaccess like this the user must enter password twice

RewriteEngine On
RewriteOptions Inherit

# Rewrite to HTTPS (except for let's encrypt)
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.*$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

<RequireAny>
    AuthType Basic
    AuthName "Top Secret"
    AuthUserFile /is/htdocs/***/.htpasswd
    Require valid-user
</RequireAny>

Using this file:

How can I avoid the authentication for 'http://mysite.domain' here?

Score:0
us flag

Found it, using REQUEST_SCHEME.

<If "%{REQUEST_SCHEME} == 'https'">
    <RequireAny>
        AuthType Basic
        AuthName "Top Secret"
        AuthUserFile /is/htdocs/***/.htpasswd
        Require valid-user
    </RequireAny>
</If>
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.