I am currently using htaccess to force all http requests on my apache2 server go to https. https is setup and working properly. The htaccess rewrite is working if i use just the base domain name (ex: http://mydomain.com ), however if i do something like http://mydomain.com/index.php i get a 401 error saying i am not authorized. I should mention my htaccess also restricts all content to authorized users with a htpasswd file.
Without using the rewrite for http -> https, both http and https work properly using any url long as the person is logged in. If they are not it will ask them to log in. When i put the rewrite back in it does not ask to user to log in, and simply shows a 401 error page.
this is my htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
AuthName "Enter Account Info... Or your computer will blow up!!!"
AuthType Basic
AuthUserFile /<censored>/.htpasswd
AuthGroupFile /dev/null
require user <censored>
Without those rewrite lines, everything works fine. a request to either http or https will function normally, but using rewrite for anything other then the base domain seems to break somewhere.
i have tried various rewrite rules i have found around the web, all give same results, working fine for base url, not for direct page links.
if($_SERVER["HTTPS"] != "on").... this way seems to work for any url i use on the site, both http and https. it does force a double login if i use http initially, but this is acceptable for the moment. – MirtheN Jun 12 '13 at 18:02