0

I'm using URL rewriting on my website and i would like to add an authentication via .htpasswd file to one of my directory.

My website is build like that

/home/website/
/home/website/protected/
/home/website/protected/.htaccess
/home/website/protected/.htpasswd
/home/website/protected/admin.php
/home/website/.htaccess
/home/website/index.php
/home/website/index_protected.php

On /home/website/ directory i got a .htaccess file :

RewriteRule ^directory([0-9]+)/protected/([a-z0-9-_]+).php   /home/website/protected/admin.php?d=$1&p=$2 [QSA]

Using url like 

http//website/directory1/protected/test.php

you will call

/home/website/1/protected/admin.php?d=1&p=test

On .htaccess from /protected/ directory i got :

AuthName "Page d'administration protégée"
AuthType Basic
AuthUserFile "/home/website/protected/.htpasswd"
Require valid-user

And on .htpasswd from /protected/ directory i got :

admin:crypted_password

But my problem is that, when i call 

http//website/directory1/protected/test.php

i never got the authentication windows, any idea to fix this?

Natha
  • 55
  • 5

2 Answers2

0

You can try to place .htaccess file with Basic Auth directives to protected directory.

Vladimir Kadalashvili
  • 747
  • 2
  • 5
  • 17
  • Maybe i've not understand, but in my /protected/ directory i already got the .htaccess file with "Basic Auth" directive – Natha Jul 04 '12 at 13:55
0

This mostly happens when the server is not using .htaccess file. Check that it is allowed to use that file in /home/website/protected/ not only /home/website/.

Peon
  • 7,902
  • 7
  • 59
  • 100
  • Nop, if i open the URL http://website/protected/admin.php the authentication windows open, so it seems to be allowed – Natha Jul 04 '12 at 13:59
  • Wait, so you get authentication screen on website/protected/admin.php but not on website/protected/test.php? Try adding the RewriteRule after the authentication rule. Maybe that's what messing you up. – Peon Jul 04 '12 at 14:02
  • In fact, i got to .htaccess file, first one on /website/ with rewrite rules and second one in /website/protected/ with authentification rule. In /website/protected/admin.php i need to have the $_GET['d'] and $_GET['p'] which are given from the 1st .htaccess (the one with rewriting rules). The test.php page don't exist, the url rewriting just convert it to p=test and send it to /website/protected/admin.php file – Natha Jul 04 '12 at 14:11
  • It sounds pretty strange to use rewrite for website/protected in website. The rewrite is the only thing I can think of, that messes up your authentication. Try moving it into proteced .htaccess – Peon Jul 04 '12 at 14:17
  • I can't, i need to make the url rewriting on /website/ directory, if i don't, visitor can't access /directory1/ – Natha Jul 04 '12 at 15:49