0

My document_root is /home/john/public_html.

I need the URL example.com/subdir/index.php to be handled by the file /home/john/public_html/index.php.

This is what I put in /home/john/public_html/.htaccess:

RewriteEngine on
RewriteRule ^.+$ index.php

i.e. internally redirect everything to index.php.
That worked perfectly fine until I added HTTP authentication to a subdirectory, like this:

In file /home/john/public_html/subdir/.htaccess:

AuthType Basic
AuthName "Restricted subdir"
AuthUserFile "/home/john/.htpasswds"
require valid-user

Now when I request the URL example.com/subdir/index.php, Apache ignores my rewrite rule and asks the client to enter username and password (the typical HTTP authentication dialog).

Why is this happening and how can it be solved?

GetFree
  • 1,500
  • 7
  • 23
  • 37
  • what is your desired outcome? when users request `example.com/subdir/index.php` they are blocked access until they authenticate, then when authenticated, apache serves the `/home/john/public_html/index.php` ? – Michael Coleman Jan 19 '15 at 02:39
  • @MichaelColeman, The rewrite rule is actually conditioned to work under one specific domain only. I have two domains: `example.com` and `plain.example.com`. So the HTTP autentication is supposed to take place when the user visits `plain.example.com/subdir/*` – GetFree Jan 19 '15 at 03:09
  • cool, and I take it you are using separate virtual hosts? 1 for `example.com` and another virtual host for `plain.example.com` ? – Michael Coleman Jan 19 '15 at 03:21
  • @MichaelColeman, exactly, two virtual hosts with the same document_root. The question in the end is Why the HTTP authentication directives in a subdirectory have precedence over mod_rewrite directives in the parent directory? and Is there a way to change/configure that? – GetFree Jan 19 '15 at 03:29
  • 1
    Processing order: rewrite in server context -> authentication phase -> rewrite in dir context. Try to transform your rewrite to put it in the VHost config, so that it will be in server context (so not in `` or similar http://httpd.apache.org/docs/2.2/mod/directive-dict.html#Context), and remember that mod_rewrite behaves differently in server context. – Zimmi Jan 19 '15 at 11:33
  • @Zimmi, where is that processing order documented? – GetFree Jan 19 '15 at 20:31
  • 1
    @GetFree See RewriteCond doc: http://httpd.apache.org/docs/2.2/en/mod/mod_rewrite.html#rewritecond point 5 in paragraph "Other things you should be aware of:" here an extract : "within the per-server context (...) the authorization phases, which come after the URL translation phase (during which mod_rewrite operates). On the other hand, because mod_rewrite implements its per-directory context (.htaccess file) via the Fixup phase of the API and because the authorization phases come before this phase,..." – Zimmi Jan 19 '15 at 20:50

0 Answers0