This is if the htaccess file is in the / folder where login.php resides.
What is happening is that when a user makes a non-SSL encrypted request in the / folder, the SSLRequireSSL directive issues a 403 Error back, then the ErrorDocument redirects to the https page and THEN the htaccess password prompt appears.
This gets rid of the double-login double prompts for htaccess passwords that occur when the domain is different.
- Code: Select all
SSLRequireSSL
ErrorDocument 403 https://secure.example.com/login.php
AuthUserFile /wwwroot/.htpasswd
AuthGroupFile /dev/null
AuthName "webmail"
AuthType basic
require valid-user
