I've setup a personal website that should be accessible by merely a couple of people online. Let me setup a mix of fundamental authentication and https.

To date I've everything works ok basically directly key in https://blah.com/location1. However things i need would be to have apache redirect http://blah.com/location1 to https://blah.com/location1 after which do fundamental authentication i.e I'm not going fundamental authentication to become done prior to the redirection. Right now this is exactly what I've on my small apache config.

WSGIScriptAlias /site /path/to/site/apache/site.wsgi

<Directory /path/to/site/apache>
    WSGIApplicationGroup %{GLOBAL}
    Order deny,allow
    Allow from all
</Directory>

<Location /site>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

    AuthType Basic
    AuthName "Site login"
    AuthUserFile /path/to/site/.htpasswd
    Require valid-user
</Location>

Note: I just have the authentication for /site. And So I should have the ability to access http://blah.com/site1, http://blah.com/site2 without requiring authentication.

The issue using the rewrite rules that "convert" HTTP demands into HTTPS demands is they don't avoid the first request to become made over plain HTTP (as you become a redirect towards the HTTPS URL).

What you might do is split your website into two virtual hosts: one for HTTP and something for HTTPS.

Around the HTTP virtual host, implement the rewrite if you would like, but forbid use of <Location /location1> in most cases (only perform the rewrite).

Around the HTTPS virtual host, configure <Location /location1> with fundamental authentication.

I responded here Apache 2.2 redirect to SSL *then* do auth (with solution < but is it crap?), an answer designed to use SSLRequireSSL, along with a ErrorDocument 403 coming back an html 403 error page that contains a JavaScript that will reload the page to HTTPS ... the very best solution I discovered without splitting the configuration file in 2, one loaded through the VirtualHost on port HTTP, alternatively on port HTTPS.