RewriteEngine On RewriteBase / # SSL Enforement RewriteCond %{SERVER_PORT} !^443$ RewriteRule (.*) https://%{SERVER_NAME}%{REQUEST} # Basic Auth protection AuthType Basic AuthName "secured area" AuthUserFile /path/to/.htpasswd require valid-user # Protect every file excluding CSS, JS, PHP and HTML Order Deny,Allow Deny from all Order Allow,Deny Allow from all Order Allow,Deny Allow from all