Apache – Password protected Directories with Require SSL

Prepend the following code in an .htaccess file

RewriteEngine On
RewriteCond %{HTTP_HOST} ^http://example\.com$ [NC]
RewriteRule ^(.*)$$1 [L,R=301]

##Uncomment for static React hosting (enables client routing)
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteRule ^ index.html [QSA,L]

AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /home/.htpasswd
AuthName "Some message..."
require valid-user
ErrorDocument 401 "Unauthorized Access"

This configuration redirects all requests to its https equivalent and will also work with password protected directories. Authentication is performed over SSL, never over http.

Check if the htpassword exists. Of not, create new users using this command

#Crypt encryption
htpasswd -bd .htpasswd USER PWD

#SHA encryption
htpasswd -bs .htpasswd USER PWD

Leave a Reply

Your email address will not be published. Required fields are marked *