CPANEL-40585 - Force HTTPS on password-protected directory

msklut

• May 06, 2022 07:20

We have a password-protected directory /admin
that is not automatically redirecting to a secure/HTTPS page. The .htaccess
has a redirect rule for the entire website, but it is not working for this directory because of the password-protection. Does anyone have suggestions? pre_virtual_host.conf (Apache Configuration " Include Editor) AuthType Basic AuthName "Authentication Required" AuthUserFile /etc/apache2/htpasswd/.htpasswd Require valid-user ErrorDocument 401 "Authentication Required" Options +Includes
public_html/.htaccess #HTTPS Redirect RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

• 

  cPRex Jurassic Moderator

  • May 06, 2022 14:36

  Hey there! I believe this is due to the order of your configuration. The Apache includes will get read before the local .htaccess with your example. However, if you use the cPanel >> Directory Privacy tool, that creates a local .htaccess inside the specific directory you're protecting with the following code: #----------------------------------------------------------------cp:ppd # Section managed by cPanel: Password Protected Directories -cp:ppd # - Do not edit this section of the htaccess file! -cp:ppd #----------------------------------------------------------------cp:ppd AuthType Basic AuthName "Protected 'public_html/privacytest'" AuthUserFile "/home/username/.htpasswds/public_html/privacytest/passwd" Require valid-user #----------------------------------------------------------------cp:ppd # End section managed by cPanel: Password Protected Directories -cp:ppd #----------------------------------------------------------------cp:ppd
  Doing that instead of using the Apache include system will likely get things working how you expect.

  0
• 

  msklut

  • May 06, 2022 14:56

  I gave that a try, but it still doesn't redirect to HTTPS when I access that directory.

  0
• 

  cPRex Jurassic Moderator

  • May 06, 2022 16:58

  I did some additional testing on my end and confirmed this isn't working as intended. I've created case CPANEL-40585 for our developers to look into this, and you can follow along with that case here:

  0
• 

  msklut

  • May 07, 2022 14:43

  Based on Apache 2.4, would this be the preferred 'HTTPS redirect' method? NameVirtualHost *:80 ServerName www.yourdomain.com Redirect / https://www.yourdomain.com
  

  0
• 

  cPRex Jurassic Moderator

  • May 09, 2022 14:13

  I always perform the redirect inside the .htaccess file. For other pieces of software, such as WordPress, you may need a plugin like ReallySimpleSSL or similar to ensure the WordPress structure is redirected properly. That is the correct format for an Apache redirect, although many people prefer to use " Redirect permanent / Example Domain" as the last line. With a cPanel-based machine though, remember you can't edit the Apache configuration directly.

  0
• 

  msklut

  • May 09, 2022 15:35

  This method worked:

  0

Please sign in to leave a comment.