This article demonstrates how to force a browser from “http” to “https” before sending credentials across the Internet.
Put the following into your “.htaccess” file. If will first force the connection to “https” and then it will prompt for the credentials. Notice the “commented out” IF statement. IF statements only work on and after Apache version 2.3. test it for yourself. Check the logs as you test it to ensure the password is sent (not necessarily asked for) over HTTPS.
# Force from HTTP to HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteCond %{HTTP_HOST} !^www\. RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Secure this /secured section #<If "%{HTTPS} == 'on'"> AuthUserFile /etc/httpd/website1.password AuthName "Secured by AGIX" AuthType Basic require valid-user #</If>
See related information here “https://agix.com.au/secure-your-web-site-with-a-htaccess-file/”.
Reference “http://stackoverflow.com/questions/13977851/htaccess-redirect-to-https-www”.
Squirreled-away your .htaccess lines for future use. 🙂
Thanks for sharing!