I have spent a tremendous amount of time the last week trying to figure this out, but no matter what I try I cannot get this to work. My web host said they did not have anyone who knew enough about .htaccess files to get this working (encouraging, right?), and the company I purchased my CMS from also could not determine a solution. I've also read dozens upon dozens of answers on here and on other websites, but I simply cannot fix my problem.
Here's the deal: My CMS – Invision Power Board – generates the following .htaccess file which goes in the root of the website:
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} .*\.(jpeg|jpg|gif|png)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /public/404.php [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
I have a subdirectory, sub_dir, that I need to password protect using a .htaccess file in the subdirectory. I setup the password protection through cPanel and if the .htaccess file in the root of the website is disabled it works fine. If the .htaccess file in the root of the website is not disabled, however, then when I browse to sub_dir the homepage is displayed. At first I thought the homepage being displayed might have something to do with the 404 page rewrite, but the homepage is still displayed even if I remove the rewrite conditions and rule for the 404 page.
The code in the .htaccess file in sub_dir is:
AuthUserFile "/home/[user]/public_html/.htpasswd"
AuthType Basic
AuthName "subdir"
require valid-user
As I previously mention, the password protection works when the .htaccess file in the root directory is disabled. It also works when I remove the bottom rewrite conditions and rule (the lines for index.php), but removing the rewrite conditions and rules for the 404 page does not affect anything.
I have tried dozens of potential solutions, none of which have worked. To name a few, I tried Poncha's answer below:
RewriteCond %{REQUEST_URI} !^sub_dir
I've also tried this:
RewriteRule ^/sub_dir - [L]
As well as many, many other things that I don't really even remember now. The point is, nothing has worked so far. I also did try all possible combination with regard to the leading and following slashes.
My server is running Apache 2.2.22.
I am seriously at my wits end here. Please help.
Best Answer
It would seem like you've already tried this, it's the most obvious answer (as poncha pointed out) and it's probably the most likely to show up in a mod_rewrite tutorial/guide. By exlcuding the directory using a
RewriteCond, noting that the match of the condition is against the%{REQUEST_URI}, which begins with a/":EDIT:
Looking at what you've tried, this also is wrong. You don't want the leading slash in the match of the
RewriteRulewhen it is in an htaccess file: