3

I've got WordPress installed in the root directory of my web server, and it puts the following rewrite rules into the root .htaccess:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
</IfModule>

In the subdirectory forum is another PHP application that needs to be protected by HTTP Basic auth. As you would expect there is a .htaccess file in the forum directory which looks like this:

AuthType Basic
AuthName MembersArea
AuthUserFile /home/user/public_html/needsecure/.cnk-htpasswd_db/.1_htpasswd
require valid-user

Now the RewriteCond statements in the root .htaccess file should, as far as I can tell, ensure that if a user visits a subdirectory directly then no rewriting should occur. Same for a physical file, and for files named index.php. Yet when visiting /forum, /forum/ or even /forum/index.php the WordPress 404 page shows.

I tried excluding the forum directory from the rewrite rules altogether with

    RewriteCond %{REQUEST_URI} ^forum/

before the final rewrite rule, which didn't work. I also tried

    RewriteRule ^forum(.*)$ - [L]

above all the other rules, and that too didn't work. I even tried RewriteEngine Off in forum/.htaccess and that didn't work.

If I remove the WordPress rewrite rules it fixes the problem, and if I remove the basic auth rules it fixes the problem. It's only when both are present that it goes wrong: It's as if the basic auth completely breaks the rewrite conditions. Is this a known thing?

Any suggestions? This is getting on my nerves now, I've been messing with it all night.

Matt Lowe
  • 43
  • 1
  • 5

1 Answers1

2

To exclude the forum directory from the wordpress Rule add the condition as below

#if its not the forum directory
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ /forum/  [NC]  
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Ulrich Palha
  • 9,411
  • 3
  • 25
  • 31
  • Works like a charm, thanks. I omitted the final / as I want `example.com/forum` to also work, and I can live with the implications of the missing slash. – Matt Lowe Feb 15 '12 at 09:39
  • One question though ... why doesn't this work REQUEST_URI? Does basic auth interfere with it? – Matt Lowe Feb 15 '12 at 09:42
  • @MattLowe It would work with URI too, but you missed the leading slash i.e should have been `RewriteCond %{REQUEST_URI} ^/forum/` – Ulrich Palha Feb 15 '12 at 12:29
  • 1
    Nope, I tried both with and without the leading slash. I tried omitting the leading slash as I was under the impression it's not supposed to be there when applying the rule in a .htaccess file ...? – Matt Lowe Feb 16 '12 at 09:59