.htpasswd file redirects to 'Page Not Found'

Permalink
Hi, I have Concrete5 installed in the public_html directory and that's going fine. I tried to password protect a subdirectory with htaccess/htpasswd but I get redirected to the Page Not Found message. The subdirectory is outside the Concrete5 installation (i.e. /public_html/new_directory) and that's where the .htaccess file is. If I remove the .htaccess file from the subdirectory I can reach any page in it.

If I remove the rewrite rules in the Concrete5 .htaccess file the problem disappears so it's clearly something to do with that. Has anyone got any ideas how to fix this?

Many thanks

View Replies:
nteaviation replied on at Permalink Reply
nteaviation
If your concrete5 .htaccess has this in it:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

it says that if URL is NOT a file AND URL is NOT a directory, then rewrite the URL with RewriteRule ^(.*)$ index.php/$1 [L]

If your try the URL /newdirectory/index.php do you still get the "not found"? Hope that makes sense :)
laughingbuddha replied on at Permalink Reply
Hi yes it does have that code and I get the same result whether I enter the directory path in the address bar or a path to any page.
nteaviation replied on at Permalink Reply
nteaviation
Which "file not found" page are you seeing. The concrete5 one or the Apache default not found page?

Do you have 2 .htaccess files? One in your concrete5 root directory (for pretty URL support) and another in /newdirectory/.htaccess? The root /.htaccess should have something like:
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

The /newdirectory/.htaccess should look something like:
AuthType Basic
AuthName "New Protected Directory"
AuthUserFile /path/to/.htpasswd
Require valid-user

Check your permissions on /newdirectory and all the .htaccess and .htpasswd files. You may also try renaming /newdirectory to somehthing else and see if you can hit that.

What you are trying to do should work, however, there still could be a "Apache global configuration" that is causing the issue. That will have to be corrected by your web host provider.
laughingbuddha replied on at Permalink Reply
I'm seeing the Concrete5 File Not Found page. The .htaccess/.htpasswd files are set up exactly as you described. The permissions for all are 644 which I believe is correct.

I renamed the directory and got the same result so I'll check with the host provider about the Apache global configuration.

Thanks a lot for your help :)
nteaviation replied on at Permalink Reply
nteaviation
What happens if you turn off "Pretty URL's" and disable the concrete5 .htaccess. Does everyting work as expected?

There are just so many ways that Apache/PHP can be configured. Who is you Web Host Provider. There is probablly someone in the forums that has figured out a .htaccess tweek specific to your provider.
laughingbuddha replied on at Permalink Reply
my host provider said the subdirectory passes through the C5 .htaccess ok the first time then hits the subdirectory .htaccess and then the .htpasswd. Then as it passes through the C5 .htaccess again the URL somehow gets rewritten and gets caught up in the return to base rule. I just turned that off so 404s now go to the default server 404 page. It's good enough I can style that one to my needs anyway.

Thanks for your help :)
laughingbuddha replied on at Permalink Reply
An update to my last post. Turning off the return to base part of the C5 .htaccess broke all pages except the home page. I have resolved this issue by creating a subdomain for the protected directory and accessing it through that. This appears to completely bypass the root .htaccess, therefore I can leave the rewrite rules intact.
nteaviation replied on at Permalink Reply
nteaviation
Interesting. Nice piece of debugging work. If a redirect is getting tangled up, you could try putting
define('REDIRECT_TO_BASE_URL',false);

in your /config/site.php
Not sure if that will make any difference or not.
laughingbuddha replied on at Permalink Reply
Thanks .... but using a subdomain resolved the issue, or worked around it at least. All is good.