I have a site with a virtual directory structure like mysite.com/folder/title which is actually a .htaccess rewrite to mysite.com/f/index.php?p=title. I want to password protect the folder folder with .htaccess, and know how to do that with actual folders. But I don't want to password protect the main site mysite.com, and right now if I put the .htaccess file in the mysite.com directory, I am protecting mysite.com and mysite.com/folder. I have also tried protecting mysite.com/f.
How can I protect only mysite.com/folder using .htaccess?
.htaccess contents of mysite.com.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^folder/(.*)$ /f/index.php?p=$1 [PT,L,QSA]
RewriteRule ^folder/*$ /f/index.php [L,QSA]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
.htaccess file I tried in mysite.com/f This successfully protects the entire site when moved into the other .htaccess file, so I know the path is correct.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/myusername/.htpasswd
Best Answer
First of all you shouldn't be putting that configuration (the rewrite rules) in .htaccess files, you should be putting it in the main configuration file under a Directory section (assuming you have access to that file). The Apache docs explain why.
You should check that you have the correct AllowOverride settings. If it's all setup correctly, having the .htaccess file you specified sitting in the mysite/f folder should be enough to password protect it.