I have setup HTTPS with client authentification and everything runs smoothly.
In my webapplication I have pages, which should be accessed via HTTPS only.
However, access to any other pages should be allowed via http.
In terms of URLs the scenario can be described as follows:
HTTPS://mydomainname.com:8443/secret_data/ # Access allowed
HTTP://mydomainname.com/secret_data/ # Access forbidden
HTTP://mydomainname.com/* # Access allowed
People who access http://mydomainname.com/secret_data/ do not have to get redirected to "HTTPS://mydomainname.com:8443/secret_data/". Access should just be denied.
So to make a long story short: I want that access is denied to people who try to access pages below "mydomainname.com/secret_data/" via http .
On the other hand acces to pages via HTTPS should be granted. I have no idea how I can set this up using only one webapplication - which is what I want.
Note: I'm not using apache so I can't use any apache directives to restrict access to "/secret_data"!