这是我的.htaccess：

This is my .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

AuthUserFile /etc/hi
AuthName "hi"
AuthType Basic
require valid-user

，它要求使用http用户认证，这意味着将密码以纯文本形式发送。它会比重定向到HTTPS版本，再次询问密码。

It asks for user authentication using http, meaning that password will be sent in plain text. It will than redirect to the https version and ask the password again.

我怎样才能解决这个问题？

How can i fix it?

推荐答案

我周围得到这样。只允许非SSL，因为它会被重定向然后要求身份验证一次就SSL ...

I get around it this way. Just allow Non-SSL since it will be redirected then require auth once on SSL...

SetEnvIf %{SERVER_PORT} ^80$ IS_NON_SSL

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

AuthUserFile /etc/hi
AuthName "hi"
AuthType Basic
require valid-user
Allow from env=IS_NON_SSL