So here is my problem i need authentication from https with redirection if user types http instead of https. Also only ask to authenticate when in https.

I have apache redireting any request with a specific folder to https
in the vhosts.d/00_default_vhost.conf

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/SpecialFolder/(.*)
RewriteRule ^/(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]


I also have any https requests for folders other that that special folder redirecting to http as follows in the modules.d/41_mod_ssl.default-vhost.conf

RewriteCond %{HTTPS} on
RewriteCond %{REQUEST_URI} !^/SpecialFolder/(.*)
RewriteRule ^/(.*) http://%{HTTP_HOST}%{REQUEST_URI} [R,L]


The tricky part is when I add the .htaccess file to the SpecialFolder

here is what I got the minute I add this I get a 401 error reguardless of how I try to access it. Im not sure what else to try
the only way to access the file is to remove the .htaccess file

here is what I got in the .htaccess

SSLOptions +StrictRequire
SSLRequireSSL
AuthName "Restricted Access"
AuthType Basic
AuthUserFile /x/y/z/.htpasswd
AuthGroupFile /x/y/z/.htgroup
<Limit GET>
Require group SpecialGroup
</Limit>

If I remove the .htaccess file it redirects me to https as it should and displays the page. if its an http then it just displays the page byut of course no authentication.

I would like it to ask me for authentication only when I am in https not in http.

Well it was my dumb mistake that caused a huge headache.

It turns out I was redirecting my 401 errors to a fancy looking page so it would never give me the prompt to type in the username and password.

The code I posted above actually works like a charm!!!