I have a tricky variation on an old problem.
I have an apache based site that should generally be accessed via http/port 80. However for certain areas protected areas that require authentication (designated by .htaccess), I want to be able to redirect the user the https/port 443.
The key here is that I want this to always happen for basic auth – i.e. I don't want to have to recreate each htaccess file with a redirect directive. I only want to enforce this for basic authentication (other traffic should be unencrypted). The protected areas are scattered all over the site. Is it possible to somehow redirect all basic authentication requests to the SSL host?
Best Answer
I don't think it is possible to automatically redirect HTTP requests with Basic Authentication to a certain location - at least not with Apache httpd alone.
But you can use the SSLRequireSSL directive inside a Location block to force the clients to use HTTPS, otherwise they'll get an error 403.