According to Raymond J. Henry:

Thanks to those that gave me input. I did manage to find the problem. I decided to stop trying to deal with the .htaccess file, and start at the beginnning. Sure enough, there it was. In the httpd.conf file, AllowOverride None for the .htaccess control. Changed it to AllowOverride All, and it now prompts for login when going to https://hermes.manitobamall.net.

That would have been my next guess... :)

Next step is to see how to prevent it from accessing the page when going to http://hermes.manitobamall.net.

I think all you'd have to do is add the following to the .htaccess file...

<IfDefine HAVE_SSL> SSLRequireSSL SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)-/ ) </IfDefine>

In addition, if you would like to have people redirected to the secure port, rather than just getting an error when they come in via http, you can add the following within the IfDefine tags...

<IfModule mod_rewrite.c> RewriteEngine on # For testing (logs a lot!): #RewriteLog /var/log/httpd/rewrite_log #RewriteLogLevel 9 # Rather than just deny non-SSL access, we'll redirect to https: # See http://www.apache.org/docs/misc/rewriteguide.html RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^/(.*) https://hermes.manitobamall.net/$1 [L,R] </IfModule>

We use a similar trick for our web-based mail software, to force the browsers to use SSL, to encrypt not only the passwords, but also the e-mail content itself.

The rewrite/redirect is much "friendlier" than just giving the users an error, IMHO.

Aren't computers fun? <G>

I think so! :)