Apache-Password Protect Directory and Force SSL

[Shiner_Man]

I just installed Acid with mysql and snort but I don't want everybody having access to the alert statistics. What I want to do is password protect the acid main page and force it to use ssl.

I read some of th documentation on apache's site but I find it very confusing. Is their an easy way to set this up?
_________________
My Site

[Shiner_Man]

Okay after messing around with a bunch of things I figured out how to password protect the directory. Here is what I did.

[MrSpock]

The .htpasswd file shouldn't stay in your web-root, as it may be readable through browser. The .htaccess has to stay exactly in the directory you wonna protect. Make sure the rule for denying read access through apache to that file is denied. (should be if you didn't delete that section)
_________________
If we could change our past,
would that also change who we are?

[Shiner_Man]

So where is the recommended place to put .htpasswd? In /etc somewhere?
_________________
My Site

[MrSpock]

i put it in the root dir of my homedir.
_________________
If we could change our past,
would that also change who we are?

[Shiner_Man]

Okay. I'd rather put it somewhere else like /etc/apache2 since I clean out my home directory often.
_________________
My Site

[hanj]

Assuming you have SSL configured and working on the server, this is how you'd force SSL for that request

In you /etc/apache2/conf/vhosts/vhosts.conf file you'll need to add a entry for acid:

[BlinkEye]

i'm looking for a similar solution since a long time. still, it doesn't work for me. what i want is access a users directory with a login. but i want to be redirected to the secure socket before authenticating, how do i do that?

example: http://foodomain/~myuser -> rewrite to: https://foodomain/~myuser and NOW ask me to authenticate. any idea?
_________________
Easily backup up your system? klick
Get rid of SSH Brute Force Attempts / Script Kiddies klick