Thanks for the replies.
Just to be clear:
I have a main, non-secure page, with a private subfolder (eg:
www.foobar.com/private) that requires ssl and apache basic authentication. I just want to make sure that when a user moves from the non-secure main page to the private area, the basic authentication will happen through ssl.
I think this is what happens with the way I have things setup now (as described in the original post). The virtual host is probably the best solution, but just so I understand:
in the httpd.conf file, would I have to put the redirect rule (using mod_rewrite to ensure ssl) before the <Directory> basic authentication rule? Does order matter in this case?