Restrict Apache to only allow access using SSL for some directories
Solution 1:
The SSLRequireSSL directive is what you're looking for.
Inside your <VirtualHost>
, or at the top level if you're not using virtual hosts:
<Directory /topsecret>
SSLRequireSSL
</Directory>
Or in .htaccess
:
SSLRequireSSL
Solution 2:
In the global configuration you could use:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L,QSA]
</IfModule>
Similarly you could use a .htaccess file in the first directory of the secure directory tree:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L,QSA]
</IfModule>
That last one could also be placed inside a directory directive in the global or virtual host configuration.