http to https with authentication using .htaccess file

So here is my problem i need authentication from https with redirection if user types http instead of https. Also only ask to authenticate when in https.

I have apache redireting any request with a specific folder to https

in the vhosts.d/00defaultvhost.conf

RewriteCond %{HTTPS} off

RewriteCond %{REQUEST_URI} ^/SpecialFolder/(.*)

RewriteRule ^/(.*) https://%{HTTPHOST}%{REQUESTURI} [R,L]

I also have any https requests for folders other that that special folder redirecting to http as follows in the modules.d/41modssl.default-vhost.conf

RewriteCond %{HTTPS} on

RewriteCond %{REQUEST_URI} !^/SpecialFolder/(.*)

RewriteRule ^/(.*) http://%{HTTPHOST}%{REQUESTURI} [R,L]

The tricky part is when I add the .htaccess file to the SpecialFolder

here is what I got the minute I add this I get a 401 error reguardless of how I try to access it. Im not sure what else to try

the only way to access the file is to remove the .htaccess file

here is what I got in the .htaccess

SSLOptions +StrictRequire


AuthName "Restricted Access"

AuthType Basic

AuthUserFile /x/y/z/.htpasswd

AuthGroupFile /x/y/z/.htgroup

Require group SpecialGroup

If I remove the .htaccess file it redirects me to https as it should and displays the page. if its an http then it just displays the page byut of course no authentication.

I would like it to ask me for authentication only when I am in https not in http.

1 Reply

Well it was my dumb mistake that caused a huge headache.

It turns out I was redirecting my 401 errors to a fancy looking page so it would never give me the prompt to type in the username and password.

The code I posted above actually works like a charm!!!


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct