Differences

This shows you the differences between two versions of the page.

--- web:password-protected:force_https [2017/12/20 19:04] – jas
+++ web:password-protected:force_https [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Forcing Page Access Over HTTPS ======
-If your web page is requesting a password, it is best to send the password over an encrypted channel.
-Before your authentication block, add this code to redirect http://URL to https://URL:
-<code>
-RewriteEngine On
-RewriteCond %{HTTPS} off
-RewriteRule ^/?(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
-</code>
-Surrounding your authentication block, add this condition which forces authentication to only occur when your page is served over https:
-<code>
-<If "%{HTTPS} == 'on'">
-  <Your authentication block>
-</If>
-</code>
-That's all you need to do!  Putting it together, here's an example:
-<code>
-RewriteEngine On
-RewriteCond %{HTTPS} off
-RewriteRule ^/?(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
-<If "%{HTTPS} == 'on'">
-  AuthType Basic
-  AuthName "My Page"
-  AuthBasicProvider pam
-  require valid-user
-</If>
-</code>
-NOTE: The Passport York module forces HTTPS access, so you don't need to use this trick when authenticating with Passport York.