authtype and rewriterule process order question

on 25.08.2009 18:41:29 by Jeff Sherk Forerunner Ministries

I have authtype basic setup on a folder (https://mydomain.com/myfolder)
and would like to redirect the addresses below to it first and then have
it ask for username and password:
http://mydomain.com/myfolder
http://www.mydomain.com/myfolder
https://www.mydomain.com/myfolder
(the above 3 should all be redirected to https://mydomain.com/myfolder)

Without the rewriterule, all 4 urls are accessible as is (and ask for
username & password).

Here is my htaccess file so far, but what it appears to do is always ask
for the username and password first and then redirect second. I want it
to redirect first and then ask for username and password, so that you
cannot enter your username & password with regular http but have to use
https.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} myfolder
RewriteRule ^(.*)$ https://mydomain.com/myfolder/$1 [R,L]

AuthType Basic
AuthName "AUTHORIZED ACCESS ONLY"
AuthUserFile "/home/mydomain/.htpasswds/public_html/myfolder/passwd"
require valid-user

Thanks

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: authtype and rewriterule process order question

on 25.08.2009 20:07:22 by Nick Kew

Jeff Sherk Forerunner Ministries wrote:
> I have authtype basic setup on a folder (https://mydomain.com/myfolder)
> and would like to redirect the addresses below to it first and then have
> it ask for username and password:
> http://mydomain.com/myfolder
> http://www.mydomain.com/myfolder
> https://www.mydomain.com/myfolder
> (the above 3 should all be redirected to https://mydomain.com/myfolder)
>
> Without the rewriterule, all 4 urls are accessible as is (and ask for
> username & password).
>
> Here is my htaccess file so far, but what it appears to do is always ask
> for the username and password first and then redirect second. I want it
> to redirect first and then ask for username and password, so that you
> cannot enter your username & password with regular http but have to use
> https.

That's entirely the wrong approach. Since you want password protection
in your secure vhost, define it there. Not in some .htaccess, and
especially not one which is shared with another vhost where it's
not wanted. It becomes a lot easier if it (or at least the protected
area) also doesn't share a directory with the other vhost.

As for the question in your subject line, rewriterules in a Directory
context (which includes htaccess) run after authnz.

--
Nick Kew
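
Added example, not part of Nick Kew's message or the thread: one way to lay out the reply's advice in the main server configuration, with the redirect in the plain-HTTP vhost and the password protection defined only in the secure vhost. The DocumentRoot and certificate paths are assumed placeholders; AuthName and AuthUserFile are copied from the question.

```apache
# Added example. Assumptions: DocumentRoot path, certificate paths, and a
# certificate that is valid for both mydomain.com and www.mydomain.com.
# On Apache 2.2, name-based vhosts also need "NameVirtualHost *:80" and
# "NameVirtualHost *:443" (and SNI support for the two SSL vhosts).

# Secure canonical vhost: the only place where authentication is defined.
# Listed first so it is the default vhost for port 443.
<VirtualHost *:443>
    ServerName mydomain.com
    DocumentRoot "/home/mydomain/public_html"
    SSLEngine on
    SSLCertificateFile    "/path/to/placeholder-cert.pem"
    SSLCertificateKeyFile "/path/to/placeholder-key.pem"

    # A <Directory> block inside a vhost applies only to requests served
    # by that vhost, so the port-80 vhost never issues a Basic challenge.
    <Directory "/home/mydomain/public_html/myfolder">
        AuthType Basic
        AuthName "AUTHORIZED ACCESS ONLY"
        AuthUserFile "/home/mydomain/.htpasswds/public_html/myfolder/passwd"
        Require valid-user
    </Directory>
</VirtualHost>

# https://www.mydomain.com/myfolder -> https://mydomain.com/myfolder
<VirtualHost *:443>
    ServerName www.mydomain.com
    SSLEngine on
    SSLCertificateFile    "/path/to/placeholder-cert.pem"
    SSLCertificateKeyFile "/path/to/placeholder-key.pem"
    Redirect permanent /myfolder https://mydomain.com/myfolder
</VirtualHost>

# Plain-HTTP vhost for both host names. It carries no auth directives.
# Redirect in vhost context is applied during URL-to-filename translation,
# before the authentication phase, so credentials are never requested
# (or sent) over http.
<VirtualHost *:80>
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    DocumentRoot "/home/mydomain/public_html"
    Redirect permanent /myfolder https://mydomain.com/myfolder
</VirtualHost>
```

With this layout the Auth* and Rewrite* lines are removed from the .htaccess in myfolder, since a .htaccess in a directory shared by both vhosts would apply to both.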


Re: authtype and rewriterule process order question

on 25.08.2009 21:20:19 by Jeff Sherk Forerunner Ministries

Thanks for the reply Nick...
I am pretty new to Apache (and all this related stuff). Can you give a
little more explanation on what "define it there" means when you said
"Since you want password protection in your secure vhost, define it
there."?
Even some links on something to read would be good!
The only way I know how to password protect is with htaccess.
Thanks

Nick Kew wrote:
> That's entirely the wrong approach. Since you want password protection
> in your secure vhost, define it there. Not in some .htaccess, and
> especially not one which is shared with another vhost where it's
> not wanted. It becomes a lot easier if it (or at least the protected
> area) also doesn't share a directory with the other vhost.
