THANKS. I believe this is doing what I want. Let me see if I understand this.
q1: These directives are only allowed when you have mod_ssl installed, correct?
q2: These directives are all permissible in an .htaccess file context (which is where I've added them) ?
Code:
SSLOptions +StrictRequire
I don't fully understand the text describing this directive, but think I understand that it forbids access if the SSLRequire or SSLRequireSSL directives' conditions are not met.
This directive requires SSL to be in effect for ALL requests in the current directory and its subdirectories.
Code:
SSLRequire %{HTTP_HOST} eq "www.domain.com"
This directive requires that the HTTP_HOST value *must be*
www.domain.com and nothing else. Is it case sensitive?
Code:
ErrorDocument 403 https://www.domain.com
I don't really know what this is doing. Is it somehow connected to the other 3 statements?