Hi Experts, I have search around, but unfortunately could not find an answer to my question: Does Apache differentiate access protocol on requests (apart from the another port number requested)? The setup I am trying to achieve is: /root_dir accessible by either HTTP or HTTPS with no password /root_dir/sub_directory/ accessible only by HTTPS and with 'Require user'. No HTTP request should be accepted. Any comments or may be syntax would be greatly appreciated. Thank you.
Put a .htaccess file inside the sub_directory and put the following lines, AuthName "restricted stuff" AuthType Basic AuthUserFile /<path>/users require valid-user and include the following rewrite rule too. RewriteEngine on RewriteCond %{HTTP_HOST} !^yourserver\.name [NC] RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://yourserver.name