Okay, I've figured it out.
Before you begin, ensure that hidden files are visible in cPanel File Manager.
First, I had to create a new .htaccess file in my
public_html directory. (If the .htaccess file is not in this exact location, then the redirect code will NOT work.)
I then put the following redirect code inside of this .htaccess file:
Code:
RewriteEngine On
RewriteCond %{HTTP_HOST} !=""
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
I copied the above code verbatim from this Stack Overflow answer:
My website is password-protected with Basic Authentication via another .htaccess file that is located in my root folder (i.e.: /home/username).
The above redirect code only worked properly when this Basic Authentication code was
removed. That is, if the Basic Authentication code existed (and my website was password-protected), my website would redirect to
https://www.mysite.x10host.com/401.shtml, every time.
To fix this issue, I had to add the following two lines of code to the .htaccess file that is located in my root folder:
Code:
ErrorDocument 401 "Unauthorized Access"
RewriteEngine off
I found this solution on this blog post:
The blog post explains the Apache bug:
For basic authentication, the server writes a "401 Unauthorized" header and then looks for an error document based on a pre-defined path. Most of the time, the error document won't exist in the directory that you want to protect, so the request gets handled by the rewrite engine which throws a 404 error.
The solution to this problem is pretty straightforward. You need to add a single line of code to your .htaccess file instructing Apache to ignore the error document.
At this point, I thought that I was home free. My website would automatically convert every non-www-URL to the www-URL, just as desired. I could log-in to my website via Basic Authentication, without ever being redirected to 401.shtml.
Alas, I noticed a new problem...
When I would navigate to mysite.x10host.com with a cleared cache, the Basic Authenication dialog would appear, but the domain in the address-bar would still read
http://mysite.x10host.com.
As stated in my last post, the primary reason why I wanted SSL in the first place was for this username/password form. But, my website would convert the non-www domain to the www-domain only
after logging into the site. So, the login was still unsecure.
To fix this issue, I had to wrap my Basic Authenication code (found in .htacess) with an Apache If directive, like so:
Code:
<If "%{HTTP_HOST} == 'www.mysite.x10host.com'">
AuthType Basic
AuthName "Password Protected"
AuthUserFile /path/to/htpasswd
require valid-user
</If>
What this If directive does is make sure that the user is only prompted for the password AFTER the domain has been redirected to the www version.
I learned about this method from:
At last, my website is finally working as desired, without a hitch.
I hope that this post finds other lost souls.
