opencart .htaccess force https and htpassword


Goal

  1. My goal is to redirect all HTTP traffic to HTTPS with the www. prefix.
  2. I want to add htpasswd to my admin directory (HTTPS).

Current problem

When I access https://www.myshop.com/my/admin, it prompts for Basic Authentication. When I enter the credentials correctly, it redirects to http://www.myshop.com/my/admin and prompts for Basic Authentication again. I need to type them again, and only then am I redirected back to https://www.myshop.com/my/admin, which shows me the login page.

Below is my code. Which part did I do wrong, or what is the best solution?

My OpenCart is placed in a folder named after the country, e.g. /my for Malaysia. In my root, I have the OpenCart .htaccess.

My vhost is set under /var/www/html/opencart2/

All my development files are here: /var/www/html/opencart2/my/

My .htaccess: /var/www/html/opencart2/my/.htaccess

```apache
# 1. To use URL Alias you need to be running apache with mod_rewrite enabled.
# 2. In your opencart directory rename htaccess.txt to .htaccess.
# For any support issues please visit: http://www.opencart.com

Options +FollowSymlinks

# Prevent Directory listing
Options -Indexes

# Prevent Direct Access to files
<FilesMatch "\.(tpl|ini|log)">
 Order deny,allow
 Deny from all
</FilesMatch>

# SEO URL Settings
RewriteEngine On
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/

RewriteBase /my/
#force run https
RewriteCond %{HTTP_HOST} ^myshop.com$
RewriteRule ^(admin)($|/) - [L]
RewriteRule (.*) https://www.myshop.com/my/$1 [R=301,L]

#AWS EB REDIRECT to https
#RewriteCond %{HTTP:X-Forwarded-Proto} !https
#RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
#NEW REWRITE RULES
RewriteRule    ^contact/?$    index.php?route=information/contact  [L]  #Contact Page
#END NEW REWRITE RULES
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]

### Additional Settings that may need to be enabled for some servers
### Uncomment the commands by removing the # sign in front of it.
### If you get an "Internal Server Error 500" after enabling any of the following settings, restore the # as this means your host doesn't allow that.

# 1. If your cart only allows you to add one item at a time, it is possible register_globals is on. This may work to disable it:
# php_flag register_globals off

# 2. If your cart has magic quotes enabled, This may work to disable it:
# php_flag magic_quotes_gpc Off

# 3. Set max upload file size. Most hosts will limit this and not allow it to be overridden but you can try
# php_value upload_max_filesize 999M

# 4. set max post size. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value post_max_size 999M

# 5. set max time script can take. uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_execution_time 200

# 6. set max time for input to be received. Uncomment this line if you have a lot of product options or are getting errors where forms are not saving all fields
# php_value max_input_time 200

# 7. disable open_basedir limitations
# php_admin_value open_basedir none
```

The .htaccess under my admin folder: /var/www/html/opencart2/my/admin/.htaccess

```apache
AuthType Basic
AuthName "Admin Area"
AuthUserFile /usr/share/apache/secret/.htpasswd
Require valid-user
```

I created a similar environment for this case: https://opencart.webhop.me/my/admin/

username: admin password: admin

As you log in, you will see it prompts two times.

Eaten by a Grue On BEST ANSWER

If the admin login form is submitting to http://, you probably need to update the HTTPS_SERVER constant in admin/config.php and make sure it has https:// in the URL. Also make sure you have "Use SSL" set to "yes" in your admin settings.
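To confirm that the fix removed the HTTP hop, the redirect chain for /my/admin can be audited hop by hop. The following checker is an added example, not code from the question or the answer: it flags an HTTPS to HTTP downgrade, a Basic challenge served over plain HTTP (where the password travels only base64-encoded), and a second challenge on a new origin, which is why the browser prompts twice. The function names are hypothetical and the hop list is constructed from the behaviour described in the question, with assumed status codes.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample (not captured traffic): the hops the question describes.
# Each hop is (requested URL, response status, response headers).
SAMPLE_HOPS = [
    ("https://www.myshop.com/my/admin", 401, {"WWW-Authenticate": 'Basic realm="Admin Area"'}),
    ("https://www.myshop.com/my/admin", 302, {"Location": "http://www.myshop.com/my/admin/"}),
    ("http://www.myshop.com/my/admin/", 401, {"WWW-Authenticate": 'Basic realm="Admin Area"'}),
    ("http://www.myshop.com/my/admin/", 301, {"Location": "https://www.myshop.com/my/admin/"}),
    ("https://www.myshop.com/my/admin/", 200, {}),
]


def origin(url):
    """Scheme plus host[:port]; browsers cache Basic credentials per origin and realm."""
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc.lower())


def audit_hops(hops):
    """Return (hop index, finding) pairs for insecure steps in a redirect chain."""
    findings, challenged = [], set()
    for i, (url, status, headers) in enumerate(hops):
        h = {k.lower(): v for k, v in headers.items()}
        scheme = urlsplit(url).scheme
        if status == 401 and h.get("www-authenticate", "").lower().startswith("basic"):
            if scheme != "https":
                # The browser would answer this challenge in cleartext.
                findings.append((i, "basic-auth-over-http"))
            if challenged and origin(url) not in challenged:
                # Different origin: cached credentials are not reused, so the user is prompted again.
                findings.append((i, "reprompt-new-origin"))
            challenged.add(origin(url))
        if 300 <= status < 400 and "location" in h:
            target = urljoin(url, h["location"])  # resolves relative Location values
            if scheme == "https" and urlsplit(target).scheme == "http":
                findings.append((i, "https-to-http-downgrade"))
    return findings


if __name__ == "__main__":
    for index, finding in audit_hops(SAMPLE_HOPS):
        print(index, SAMPLE_HOPS[index][0], finding)
```

A chain that stays on https:// from the first challenge to the login page returns an empty list.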