I have a development site up that requires a username and password (basic http auth) before the user can see the site. I'd like to redirect to a secure protocol first, before the user can send in the password in clear text. Any thoughts on how to do this using Apache? I have access to the conf and .htaccess files.
The end results would be:
http://xxxx/ — When user goes here, they get immediately redirected to https:
https — When user gets here, they get prompted for username / password.
Best Answer
You can use the redirect directive on http virtualhost to redirect to the https site where authentification is done. You could also use mod_rewrite to do the redirection. The basic things is just to not set authentification on http virtualhost and redirect everything on the https virtualhost where authentication is done.