Apache <RequireAny> only when HTTPS

Asked 3 years, 5 months ago

Modified 3 years, 5 months ago

Viewed 271 times

0

I'd like to use Basic Auth only when HTTPS is used. Having a .htaccess like this the user must enter password twice

RewriteEngine On RewriteOptions Inherit # Rewrite to HTTPS (except for let's encrypt) RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.*$ RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] <RequireAny> AuthType Basic AuthName "Top Secret" AuthUserFile /is/htdocs/***/.htpasswd Require valid-user </RequireAny>

Using this file:

http://mysite.domain is called
Authentication for 'http://mysite.domain' is requested (NoSSL)
Redirect to https://mysite.domain is done
Authentication for 'https://mysite.domain' is requested (SSL)

How can I avoid the authentication for 'http://mysite.domain' here?

edited May 5, 2022 at 20:39

asked May 5, 2022 at 19:31

1011 bronze badge

Add a comment |

1 Answer 1

Sorted by:

0

Found it, using REQUEST_SCHEME.

<If "%{REQUEST_SCHEME} == 'https'"> <RequireAny> AuthType Basic AuthName "Top Secret" AuthUserFile /is/htdocs/***/.htpasswd Require valid-user </RequireAny> </If>

answered May 6, 2022 at 0:05

1011 bronze badge

Add a comment |

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.