Restrict Apache to only allow access using SSL for some directories

https apache-2.2 ssl

Solution 1:

The SSLRequireSSL directive is what you're looking for.

Inside your <VirtualHost>, or at the top level if you're not using virtual hosts:

<Directory /topsecret>
  SSLRequireSSL
</Directory>

Or in .htaccess:

SSLRequireSSL

Solution 2:

In the global configuration you could use:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} !on
   RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L,QSA]
</IfModule>

Similarly you could use a .htaccess file in the first directory of the secure directory tree:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RewriteCond %{HTTPS} !on
   RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L,QSA]
</IfModule>

That last one could also be placed inside a directory directive in the global or virtual host configuration.

Solution 3:

Someone mentioned SSLRequireSSL but I don't think it works by itself and I haven't found a successful example with it. The recommended way is https://wiki.apache.org/httpd/RedirectSSL I've applied that and it works well!

Related

Does Google Domains support CNAME-like functionality at the zone apex?
How to repeatedly call rsync until files are sucessfully transferred
Move files to another directory which are older than a date
Postfix TLS over SMTP - RCPT TO prompts renegotiation then 554 5.5.1 Error: no valid recipients
Is logging in as a shared user a bad habit?
Merging variable with string in config file
What things do you look for when picking a server hosting company?
How to allow a range of IP's with IPTABLES?
Can you have a multi-line comment a crontab
How to Exclude an URL for Apache Mod_proxy?
Is there a way to check that a dictionary key is not defined in ansible task?
Service WAS was not found on computer '.'