I have an Apache 2.2 server with an SSL certificate hosting several services that should be only access using SSL.
ie: https://myserver.com/topsecret/ should be allowed while http://myserver.com/topsecret/ should be either denied or, ideally, redirected to https.
http://myserver.com/public should not have this restriction, and should work using either http or https.
The decision to allow/deny http is made at the top level directory, and affects all content underneath it.
Is there a directive that can be placed in the Apache config to retrict access in this manner?
Best Answer
The SSLRequireSSL directive is what you're looking for.
Inside your
<VirtualHost>
, or at the top level if you're not using virtual hosts:Or in
.htaccess
: