SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Wizard
    Join Date
    Dec 2002
    Location
    New Zealand
    Posts
    1,021
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    htaccess rule not working to exclude directory

    I am having a bit of an issue with .htaccess. I want to stop mod rewrite taking effect if the directory is secure, or any sub directory/file of secure. I have set up .htaccess as follows:


    Code:
    RewriteEngine On
    
    
    RewriteBase /
    
    
    #skip next rule if url starts with secure/
    RewriteRule ^/secure/(.*) - [L,S]
    
    
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php/$1 [L]
    
    
    
    
    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>
    Does anyone have any idea why it isn't working? I can't just turn off mod rewrite for that directory because I need to use htpassword for the directory.

  2. #2
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,314
    Mentioned
    19 Post(s)
    Tagged
    1 Thread(s)
    Probably just need to get rid of the leading slash. htaccess rewrites match against relative paths.
    "First make it work. Then make it better."

  3. #3
    SitePoint Wizard
    Join Date
    Dec 2002
    Location
    New Zealand
    Posts
    1,021
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi Jeff, thanks for your suggestion. I had tried it both ways but neither work...

    I have noticed that the .htaccess at above does seem to work if I removed the .htaccess files from the subdirectories in the "secure" folder - but I need to keep these for the password protection. Any thoughts around what in either of these files might be causing a conflict:

    Code:
    AuthName "Shareholders Area"
    AuthUserFile "/home/summer/passwd"
    Require valid-user
    
    
    <Files onefilecms.php>
    order allow,deny
    allow from all
    satisfy any
    </Files>
    Code:
    AuthUserFile "/home/summer/passwd"
    AuthType Basic
    AuthName "Shareholders Area"
    require valid-user

  4. #4
    SitePoint Wizard bronze trophy Jeff Mott's Avatar
    Join Date
    Jul 2009
    Posts
    1,314
    Mentioned
    19 Post(s)
    Tagged
    1 Thread(s)
    As best as I can tell, the auth module runs before the rewrite module, and if the user isn't authenticated, then the auth module sends the unauthorized response immediately. No other module, including rewrite, gets a chance to execute. There might be some creative way around this, but I'm not sure what that is yet.
    "First make it work. Then make it better."


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •