I have this in my .htaccess file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://www.myweb.com/phpmyadmin$1 [R,L]
AuthUserFile /var/www/myweb/.htpasswd
AuthGroupFile /dev/null
AuthName "Sovereign Databases"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
But everytime I go to http://www.myweb.com/phpmyadmin, the .htpasswd prompts me for a credentials BEFORE i'm redirected to https://www.myweb.com/phpmyadmin. After I type in my username and password, I get redirected to https://www.myweb.com/phpmyadmin. The problem is that I don't want anyone to submit their username and password unencrypted via http.
How do I force people to login via the https version even if they typed in the http version?
Best Answer
Move the
Authstatements to a<VirtualHost *:443>block.(Someone else might have a more elegant and better answer).