CMSMS urlrewriting and restricted access with htaccess ?

[Trangsene]

Hello,

I'm using the htaccess file provided with CMSMS for clean url rewriting :

Code: Select all

# Attempt to override some php settings, these settings may be helpful on some hosts if your
# default configuration does not meet CMS's minimum requirements, and your host
# has given your account appropriate permissions
#php_value upload_max_filesize "10M"
#php_value session_save_path "tmp/cache"

#php_flag magic_quotes_gpc Off
#php_flag register_globals Off
#php_flag session.use_trans_sid Off

# (this is important, so uncomment if your host permit)
#Options -Indexes
#ServerSignature Off
#
Options +FollowSymLinks
#
<IfModule mod_rewrite.c>
RewriteEngine on
#
#Sub-dir e.g: /cmsms
RewriteBase /

#
# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
# but ignore POST requests.
#RewriteCond %{REQUEST_URI} !/$
#RewriteCond %{REQUEST_URI} !\.
#RewriteCond %{REQUEST_METHOD} !POST$
#RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]

# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</IfModule>

But I need also to limit the access to a specific folder on my webhosting.

As usual, I've put htaccess and htpassword files in the folder :

Code: Select all

# .htaccess
AuthUserFile "/home/mon_site/public_html/export/.htpasswd"
AuthName "Restricted access"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

I found the exact path to this folder with a php file :

Code: Select all

<? echo realpath("index.php"); ?>

that gives :
/home/saug7sp/public_html/export/.htpasswd

But when I try to access to the protected "export" folder (http://(www)mydomain/export/), I have a 404 error page !

Why

If I remove the htaccess for urlrewriting at the root, the authentification is working.

I imagine there is a conflict between the 2 htaccess, but I don't see how to resolve it, especially because it's specified in the htaccess provided with CMSMS "but only rewrites if the requested URL is not a file or directory"

I've tried to add an exception with something like :

Code: Select all

RewriteCond %{REQUEST_URI} !^/?export/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]

but it doesn't change anything.

Is there a specialist of urlrewriting who could help me please ?
Thanks in advance.

[scooper]

Don't claim to be a specialist, but I've just had to remind myself how to do this.

There's a couple of things you can do. You can write an exception for that single directory before your normal rewrite. Something like this worked for me:

Code: Select all

RewriteCond %{REQUEST_URI} /export/(.*)$
RewriteRule ^.*$ - [L]

Or, you can use the method detailed here: http://wordpress.org/support/topic/89515 (the link to which came from this forum here).

There's more detail in the above posts, but in simple steps:

1. Create a 401.html page and place it in your root directory. It can just be a blank page if you want, or write a nice message... or be rude, whatever mood you're in.
2. Specify this 401 page at the top of your CMSMS htaccess file by adding:

Code: Select all

ErrorDocument 401 /401.html

And that should do it (assuming you've got your password protected directory set up right of course).
This should also work for any other directories you need to protect as well.

s.

[Trangsene]

Thanks for your answer.
Meanwhile I've used PHP session and a login/password page.
It takes more time than just a htacces file but it works fine.
I'll try your suggestion, thanks again.