Forcing SSL through .htaccess on Apache

Did a search on this, found nothing. Tried posting once but got an error message - need to have 5 posts before I can post an URL. We'll, I'll give it another try...

I'm running an SSL-protected site on Apache 2.0.4. The entire site is protected through Basic Auth in the root .htaccess file. Supplied username is after successful authentication checked by index.php and user redirected to correct subdirectory, one for relatives, the other for guests. The only files in my wwwroot directory are thus the .htaccess and index.php files, and I want even these SSL-protected.

SSL is enforced on all connections (speed isn't an issue) through the following lines in root .htaccess:

RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule (.*) https [colon] [slash][slash] www [dot] my domain [dot] com/ [R]
(weird URL to fool forum since I'm not allowed to post URLs before 5 posts)

Apache seems to parse the .htaccess in a weird order. It first asks for authentication, then redirects to SSL and then asks for authentication again. Thus users need to authenticate twice and the first authentication isn't SSL-encrypted.

How can I avoid the first step? I want Apache to redirect to SSL first, then ask for authentication.

Grateful for ideas/suggestions.

Marc

 

 

 

 

Top