I have a website which I want to restrict access to certain directories. Right now, I am using the plain-text http authentication with .htaccess.
I have an SSL certificate. And I know that if the browser is in SSL mode and *then* I navigate to the password protected portion of the site, that the username/passwd will be sent in encrypted form.
However, if someone deep links to the protected content, they will be prompted for username/passwd, but it will not be in SSL mode.
I tried to combine my mod_rewrite with my http auth in the same .htaccess file, but I get a server error. If I only use mod_rewrite to redirect to https://,
that works, and if I only use the http auth to ask for username/password, that works, but if I put them both in the same htaccess file, I get a server error.
Why is this? Is there a way to ensure that everything is being done in SSL? Thanks.