I am having a bit of an issue with .htaccess. I want to stop mod rewrite taking effect if the directory is secure, or any sub directory/file of secure. I have set up .htaccess as follows:
RewriteEngine On
RewriteBase /
#skip next rule if url starts with secure/
RewriteRule ^/secure/(.*) - [L,S]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
<Files 403.shtml>
order allow,deny
allow from all
</Files>
Does anyone have any idea why it isn’t working? I can’t just turn off mod rewrite for that directory because I need to use htpassword for the directory.
Probably just need to get rid of the leading slash. htaccess rewrites match against relative paths.
Hi Jeff, thanks for your suggestion. I had tried it both ways but neither work…
I have noticed that the .htaccess at above does seem to work if I removed the .htaccess files from the subdirectories in the “secure” folder - but I need to keep these for the password protection. Any thoughts around what in either of these files might be causing a conflict:
AuthName "Shareholders Area"
AuthUserFile "/home/summer/passwd"
Require valid-user
<Files onefilecms.php>
order allow,deny
allow from all
satisfy any
</Files>
AuthUserFile "/home/summer/passwd"
AuthType Basic
AuthName "Shareholders Area"
require valid-user
As best as I can tell, the auth module runs before the rewrite module, and if the user isn’t authenticated, then the auth module sends the unauthorized response immediately. No other module, including rewrite, gets a chance to execute. There might be some creative way around this, but I’m not sure what that is yet.