1 reply to this topic

[JeremyH]

In my root directory I have an .htaccess file that redirects non-www traffic to www traffic:

/root/public/.htaccess

RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ [NC]
RewriteRule (.*) http://www\.example\.com/$1 [R=301,L]

I am trying to password protect my /admin/ folder and have created its own .htaccess file:

/root/public/admin/.htaccess

AuthUserFile /root/private/.htpasswd
AuthType Basic
AuthName "Admin"
Require valid-user

The problem is if I go to "example.com/admin/" I get prompted for my password, then redirected to www.example.com/admin/ where it prompts me for my password a second time.

I'd like to do two things:
1 - Make it so if I go to "example.com/admin/" it first redirects me to "www.example.com/admin/" and then prompt me for my password.
2 - Combine these two .htaccess files in one if possible and advisable.

Any help is greatly appreciated.

[chrishirst]

A .htaccess redirect creates a second (internal) HTTP request to the server so .htaccess is read twice in this case, also .htaccess affects ALL the subfolders of the folder it is placed in. Therefore a "root" .htaccess applies to the entire physical structure.

A: Add a negative rewrite condition to exclude the admin folder and subfolders from the redirect

RewriteEngine on
RewriteCond %{REQUEST_URI}!^/admin/
# ^^^^ says "If the requested URI does NOT start with /admin/ redirect it.
RewriteRule (.*) http://www.site.tld/$1 [R=301,L]

B: Put the authorisation in the root .htaccess file

AuthType Basic
AuthName "WhatEver"
AuthUserFile /home/user/siteroot/admin/.htpasswd
# ^^^^^^^^^^^^^^ this needs to be the PHYSICAL path to the folder
require valid-user

You can find the physical path with phpinfo() and locate the "DOCUMENT_ROOT" value

By the way you don't need both of those. A or B should do what you need.

Edited by chrishirst, 09 August 2012 - 08:49 AM.