Using htaccess to force https not working for full urls with htpasswd

Question

I am currently using htaccess to force all http requests on my apache2 server go to https. https is setup and working properly. The htaccess rewrite is working if i use just the base domain name (ex: http://mydomain.com ), however if i do something like http://mydomain.com/index.php i get a 401 error saying i am not authorized. I should mention my htaccess also restricts all content to authorized users with a htpasswd file.

Without using the rewrite for http -> https, both http and https work properly using any url long as the person is logged in. If they are not it will ask them to log in. When i put the rewrite back in it does not ask to user to log in, and simply shows a 401 error page.

this is my htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
AuthName "Enter Account Info... Or your computer will blow up!!!"
AuthType Basic 
AuthUserFile /<censored>/.htpasswd 
AuthGroupFile /dev/null 
require user <censored>

Without those rewrite lines, everything works fine. a request to either http or https will function normally, but using rewrite for anything other then the base domain seems to break somewhere.

i have tried various rewrite rules i have found around the web, all give same results, working fine for base url, not for direct page links.

Answer 1

I had similar problem, this is what worked for me.

In your httpd.conf, under virtual hosts, make sure you have both:

ServerName domain.com

ServerAlias www.domain.com

BOTH in VirtualHost *:80 AND VirtualHost *:443