Reputation: 101
.Htaccess rewrite and password protected folder issue
I have searched all day for a solution to the problem I'm having and found many proposed solutions, although none of them worked. I have url rewriting set up and everything works fine except for one folder. If a folder or file exists do not rewrite it otherwise send it into index.php for handling. The one subfolder that is giving the problem is password protected. The password protected folder gets re-written into the index.php as if the subfolder is invalid. The other subfolders work fine and do not have a .htaccess in them. folder structure and .htaccess below.
Folder structure with relevant files
- public_html(root)
- fonts
- images
- js
- css
- email
- .htaccess
- index.php
- .htaccess
- index.php
public_html/.htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /index.php [L]
public_html/email/.htaccess
AuthType Basic
AuthName "email"
AuthUserFile "/home/site/.htpasswds/public_html/email/passwd"
require valid-user
I tried to turn off rewrite inside of email folder to prevent the rewrite form propagating in this solution had no apparent effect.
## turn off rewrite engine
RewriteEngine off
AuthType Basic
AuthName "email"
AuthUserFile "/home/site/.htpasswds/public_html/email/passwd"
require valid-user
I also tried filtering out the folder in the root .htaccess which also seemed to be ignored as well and made no apparent difference.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^email
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Any help with this would be greatly appreciated!
update 2/23/2015: 11:20am(est)
One thing I have noticed if I disable the url rewriting and authenticate for the folder then re-enable rewriting everything works as expected. It appears to only happen if you are not already authenticated.
Upvotes: 2
Views: 855
Answers (2)
Reputation: 101
After giving up on this for a while I looked back into this today and found the solution. Posted below. The 401 error is interpreted by apache as a 404 error and passing along to the rewrite. The solution is to add ErrorDocument 401 default before the RewriteEngine is turned on. This seems redundant telling it to use the default error message explicitly, but it does resolve the error.
ErrorDocument 401 default
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^email [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Upvotes: 3
Reputation: 24468
Your filtering out email folder wasn't working because your condition isn't being matched. You almost had it. REQUEST_URI also matches the prepending / so because you didn't have it before email it was not matching. You have to include it when using REQUEST_URI in the condition. It's a real folder so you shouldn't need it but try it this way.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/email [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Also clear you browser cache before trying updated rules.
Upvotes: 1
Related Questions
- .htaccess password protected folder goes to 404 page
- htaccess adding password while enabling directories view in browser
- 404 errors with wordpress password protected directory
- Protecting folders with .htaccess
- password protect directory with .htaccess
- Password protect directory with .htaccess
- How to secure a folder access through .htaccess?
- htaccess password protected directory and mod_rewrite RerwriteCond
- .htaccess and .htpasswd to prevent access to folder problem
- htaccess password protection and mod-rewrite?