
Force HTTP AUTH over HTTPS


Rather than do this in PHP, I suggest you implement it on the web server layer. Add this to the top of your .htaccess file:

    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

And remove your PHP redirect code.

But this is still going to require log-in before the redirect is issued, with the details being transferred insecurely. What you really need is two <VirtualHost> blocks in Apache. One for port 80 that redirects requests for your directory to HTTPS, and one for port 443 that has the HTTP AUTH configured.

Update

Also it makes no sense to try and issue a 302 redirect within a document that is used as the 403 error document, since the status code has already been set and the document is only being used to generate the body of that response, so it can't now change the response code to 302 because it has already been set to 403. The approach I've outlined above will work, or you could simply deny HTTP requests and serve HTTPS only for that directory.
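
The two-`<VirtualHost>` layout described in the answer above, as an added example that is not part of the original answer. The hostname, the file paths and the `/secure` directory are placeholders. The auth directives sit inside the port 443 block rather than in the directory's .htaccess, because an .htaccess file is read for requests to either virtual host.

```apache
# Port 80: no authentication is configured in this virtual host, so the
# server never sends a Basic auth challenge over plain HTTP.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "/var/www/example"

    # Send requests for the protected directory to HTTPS before any
    # credentials are asked for.
    Redirect permanent "/secure" "https://www.example.com/secure"
</VirtualHost>

# Port 443: the only place where HTTP AUTH is configured.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot "/var/www/example"

    SSLEngine on
    SSLCertificateFile    "/etc/ssl/certs/example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/example.key"

    <Directory "/var/www/example/secure">
        AuthType Basic
        AuthName "Restricted"
        AuthUserFile "/etc/apache2/.htpasswd"
        Require valid-user
    </Directory>
</VirtualHost>
```

With this in place, a plain-HTTP request for `/secure/` should return a 301 with no `WWW-Authenticate` header, and only the HTTPS response should carry the 401 challenge.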


If you're behind Beanstalk or any load balancer then you can set the redirect at that level. Otherwise write the .htaccess config suggested by @SuperDuperApps. This should be a comment but I don't have enough rep ;-)