i thought it might be fair to assume that there's some order in which statements are evaluated. like maybe the rewrite engine would be evaluated before the server actually bothers to go check the .htaccess file you know what i mean?
sadly, most of the site is just plain old http. there are 3 or 4 admin type interfaces which i need to be hosted https to avoid clear-text transmission of sensitive passwords. in one particular subdirectory, the one i'm working with now (call it http://mydomain.com/foo/admin
), the pages need to be password protected but the underlying PHP pages have no means of authenticating themselves so i must rely on apache authentication to protect that folder with a password requirement. i DO NOT want the parent folder (http://mydomain.com/foo
) to require any password auth at all.
i'm not really sure what you are suggesting. the need for https is scattered rather arbitrarily throughout my site. There's a shopping cart type thing, a webmail interface, webstats, a phpmyadmin, etc. In some cases I can force https or password auth through php...in this one case I cannot.