Fixes double-login problem and guarantees that htpasswd basic authorization can only be entered using HTTPS.

NOTE: You will only find this method on this site and it is the most secure way to do this.

 SSLOptions +StrictRequire
 SSLRequireSSL
 SSLRequire %{HTTP_HOST} eq "askapache.com"
 ErrorDocument 403 https://askapache.com
 

NOTE:The HTTPS variable is always present,evenif mod_ssl isn't loaded! Based on HTTPS variable (best)

RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Based on SERVER_PORT

RewriteCond %{SERVER_PORT} !^443$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteCond %{SERVER_PORT} ^80$
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
RewriteRule "^/normal/secure(/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

Check to see whether the HTTPS environment variable is set

RewriteCond %{HTTPS} !=on
RewriteRule "^(/secure/.*)" "https://%{HTTP_HOST}$1" [R=301,L]

This lets you use hyperlinks like this

/doc.html:SSL –

> https://google.com/doc.html

/doc.html:NOSSL –

> http://google.com/doc.html

RewriteRule ^/(.):SSL$ https://%{SERVERNAME}/$1 [R,L] RewriteRule ^/(.*):NOSSL$ http://%{SERVERNAME}/$1 [R,L]