I have a filesmatch directive in my .htaccess file:
<filesMatch "admin">
AuthUserFile /var/www/html/.htpasswd
AuthType Basic
AuthName "Protected Area"
require valid-user
</filesMatch>
It matches http://www.website.com/admin (and sub-pages such as /admin/edit_page)
But not http://www.website.com/index.php/admin
(I also have a mod_rewrite rule to hide the index.php from most of the website, don't know if this conflicts).
The mod rewrite rule:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
Best Answer
FilesMatch matches physical filesystem objects. index.php/admin is not one of those.