Htaccess redirect to SSL before Authenticate?

[Paul Reilly <pareilly@xxxxxx>]

Hello, I want to redirect all pages which have a .htaccess restriction to SSL before
the user is prompted for authentication: This is a common problem, as described here:

http://blog.jozjan.net/2008/02/htaccess-redirect-to-ssl-https-before.html

Redirect in htaccess works fine on it's own, and authentication in htaccess works fine on it's own.
However when you combine them, what happens is, the authentication directives trump the Rewrite directives, and the redirect only happens after they have been authenticated. An example being:

SSLOptions +StrictRequire
SSLRequireSSL
ErrorDocument 403 https://myserver.com/
AuthName "Please log in" 
require valid-user
order allow,deny
satisfy any


This leads to a double log in issue. Once over HTTP and then again over HTTPS.

What I would like to do, is separate out the directives that need to apply on HTTP connections,
with those that need to apply over HTTPS (SSL) connections. In Apache1.x it appears you could do
this in one htaccess file:

<IfModule !mod_ssl.c>
SSLOptions +StrictRequire
SSLRequireSSL
ErrorDocument 403 https://myserver.com/
</IfModule>
<IfModule mod_ssl.c>
AuthName "Please log in" 


require valid-user

order allow,deny
satisfy any
</IfModule>

But I can't get it to work in Apache 2.2.x 

Has anyone got any recommendations on applying different directives depending on whether it's
port 80 or port 443 ?

Thanks
Paul



-- 
Paul Reilly
Systems Group
IS Services
Trinity College Dublin
e: paul.reilly@xxxxxx

p: +353-1-896-2152