I have a directory that I want to make sure is only using SSL. I have found articles that permit only users with a certificate but that is not what I want. I am not trying to prohibit any user from accessing the pages (legit users are required to authenticate). I just want to make sure that user does not inadvertently remove the 's' from https so the pages are served in the clear. What directive do I use in that <Directory> paragraph so that the pages will be served out as SSL pages only? I found some information on <Location> but that doesn't seem to fit what I want? TIA. P.S. I am running Apache 2.
Is this what you need? SSLRequireSSL Syntax: SSLRequireSSL Context: server config, virtual host, .htaccess, directory Override: FileInfo Status: Extension Module: Apache-SSL Compatibility: ?? Require SSL. This can be used in sections (and elsewhere) to protect against inadvertantly disabling SSL. If SSL is not in use when this directive applies, access will be refused. This is a useful belt-and-braces measure for critical information. Conversely, deny SSL connections with SSLDenySSL. Example: <Directory /some/where/important> SSLRequireSSL </Directory> http://www.apache-ssl.org/docs.html#SSLRequireSSL