Apache only when HTTPS

Florian

9/5/23, 7:31 PM

I'd like to use Basic Auth only when HTTPS is used. Having a .htaccess like this the user must enter password twice

RewriteEngine On
RewriteOptions Inherit

# Rewrite to HTTPS (except for let's encrypt)
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.*$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

<RequireAny>
    AuthType Basic
    AuthName "Top Secret"
    AuthUserFile /is/htdocs/***/.htpasswd
    Require valid-user
</RequireAny>

Using this file:

http://mysite.domain is called
Authentication for 'http://mysite.domain' is requested (NoSSL)
Redirect to https://mysite.domain is done
Authentication for 'https://mysite.domain' is requested (SSL)

How can I avoid the authentication for 'http://mysite.domain' here?

0 + 0

mod-auth

apache-2.4

Score:0

Server

Florian

9/6/23, 12:05 AM

Found it, using REQUEST_SCHEME.

<If "%{REQUEST_SCHEME} == 'https'">
    <RequireAny>
        AuthType Basic
        AuthName "Top Secret"
        AuthUserFile /is/htdocs/***/.htpasswd
        Require valid-user
    </RequireAny>
</If>

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Apache <RequireAny> only when HTTPS

TH: อาปาเช่ เฉพาะเมื่อ HTTPS

RO: Apache numai când HTTPS

RU: Апачи только когда HTTPS

VI: apache chỉ khi HTTPS

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.