4

I have a site with a virtual directory structure like mysite.com/folder/title which is actually a .htaccess rewrite to mysite.com/f/index.php?p=title. I want to password protect the folder folder with .htaccess, and know how to do that with actual folders. But I don't want to password protect the main site mysite.com, and right now if I put the .htaccess file in the mysite.com directory, I am protecting mysite.com and mysite.com/folder. I have also tried protecting mysite.com/f.

How can I protect only mysite.com/folder using .htaccess?

EDIT: Added .htaccess contents of mysite.com. 

<IfModule mod_rewrite.c>
RewriteEngine On

RewriteRule ^folder/(.*)$ /f/index.php?p=$1 [PT,L,QSA]
RewriteRule ^folder/*$ /f/index.php [L,QSA]

RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

</IfModule>

.htaccess file I tried in mysite.com/f This successfully protects the entire site when moved to mysite.com, so I know the path is correct. When it is in the subdirectory it generates a 404 error and not a password prompt.

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/myusername/.htpasswd 
require valid-user
jkeesh
  • 3,289
  • 3
  • 29
  • 42
  • Do you have access to change the main server configuration? – David Z Sep 08 '10 at 18:52
  • 1
    Have you tried just to move the .htaccess file into the "f" folder to protect it? – 2ndkauboy Sep 08 '10 at 18:53
  • Yeah, just dragging it into `/f` should do the job. – Pekka Sep 08 '10 at 18:56
  • I don't have access to the main server configuration, and I have tried moving it to `/f` and it doesn't work. – jkeesh Sep 08 '10 at 19:01
  • @jkeesh what's the content of your `.htaccess` file? – aularon Sep 08 '10 at 19:03
  • Would this possibly do better on Server Fault? – Walter Mundt Sep 08 '10 at 19:12
  • I can put it there also, but there are definitely related questions here considering there are thousands of htaccess tagged questions. – jkeesh Sep 08 '10 at 19:32
  • did you ever get this resolved? I have the exact same situation, though there is no actual folder into which I can put .htaccess. I suspect like me you're running WordPress (certainly looks like a permalink rewrite rule in your htaccess). Would love to get a solution. – Tom Auger Feb 02 '11 at 21:48

3 Answers3

2

Old thread is old...

Stumbled across this while having a similar issue, password protecting a subdomain while keeping the main site without.

The solution was easier than I originally made it out to be.

In the document_root/.htaccess, domain.com/wiki was redirecting to domain.com/w (because that's cleaner? lol):

RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]

In document_root/wiki/.htaccess the wiki directory was password protected:

AuthType Basic
AuthName "Restricted"
AuthUserFile "/home/user/.htpasswds/public_html/wiki/passwd"
require valid-user

I simply added this line to the top of document_root/.htaccess so it reads: 

AuthType None
RewriteEngine On
RewriteRule ^/?w(/.*)?$ /wiki/index.php [PT,L,QSA]
RewriteRule ^/*$ /wiki/index.php [L,QSA]

domain.com is no longer password protected and domain.com/wiki redirects as intended and with password protection.

Hope it helps someone else.

John Keane
  • 21
  • 2
0

One thing that works (but isn't the most elegant solution) is to actually create a folder named "folder" (or whichever virtual folder you're trying to password-protect) and put the .htaccess into it.

Lukas
  • 9,765
  • 2
  • 37
  • 45
0

Assuming you are using Apache 2.2

... and, that your server is running on a machine to which you do not have permission to modify the server configuration

... then, create: mysite.com/f/.htaccess with the rule you desire.

A good discussion of when to use this and when not to can be found here.

Perry Horwich
  • 2,798
  • 3
  • 23
  • 51
  • Hmm... Have you tried verifying that .htaccess is being loaded? One way to check is to put some non-sense in a text file, load a page from a directory that contains the bogus .htaccess file, and check your server log to verify an error was thrown. If this does not produce an error (file not loaded) then it may be that your problem is with AllowOveride being set to 'None' more here:httpd.apache.org/docs/current/mod/core.html#allowoverride – Perry Horwich Jul 08 '11 at 08:34