Pretty URLs break apache Authentication

[rotezecke]

our website was moved to a new server and now

Code: Select all

AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/therootname/.thehiddenpwfile
Require valid-user

does not work anymore. i tried three browsers (FF, lynx, Konquerer) and the common response sounds like de-compression error. that seems to be misleading, though.

Site Setup:
the htaccess file with authentication code lives here:

Code: Select all

www.rooturl.com/subdir1/subdir2/.htaccess

after a lot of trail and error I found that removing these lines

Code: Select all

  # Rewrites urls in the form of /parent/child/
  # but only rewrites if the requested URL is not a file or directory

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]

from

Code: Select all

www.rooturl.com/.htaccess

fixes the problem, however, these are the pretty URL rewrite rules.

anyone encountered this problem? this used to work fine on any other server this website was ever on (so far 5 different servers).

I tried adding these lines (or variation thereof) :

Code: Select all

  RewriteCond %{REQUEST_URI} !^/subdir1/.*$ 
and/or
  RewriteRule ^subdir1/ - [L] 

but this doesn't help. Thanks.
----------------------------------------------

Cms Version: 1.11.7

Installed Modules:

CMSMailer: 5.2.1
MenuManager: 1.8.5
ModuleManager: 1.5.5
News: 2.12.12
CGSmartImage: 1.10.1
Search: 1.7.8
TinyMCE: 2.9.12
CGSimpleSmarty: 1.5.3
CGExtensions: 1.31.4
CGBlog: 1.9.12
CGFeedback: 1.5.10
Captcha: 0.4.6
FormBuilder: 0.7.3
Showtime: 3.3
GBFilePicker: 1.3.3


Config Information:

php_memory_limit:
process_whole_template:
max_upload_size: 16000000
url_rewriting: mod_rewrite
page_extension: .html
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true


Php Information:

phpversion: 5.3.26
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 0
E_DEPRECATED: 8192
memory_limit: 126M
max_execution_time: 120
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 16M
upload_max_filesize: 16M
session_save_path: /tmp (1777)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)


Server Information:

Server Api: cgi-fcgi
Server Db Type: MySQL (mysql)
Server Db Version: 5.1.70
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable

[velden]

Site Setup:
the htaccess file with authentication code lives here:
Code:
http://www.rooturl.com/subdir1/subdir2/.htaccess

Did you also change/use the RewriteBase option in the .htaccess?
You should use it

Code: Select all

<IfModule mod_rewrite.c>
RewriteEngine on
#
#Sub-dir e.g: /cmsms
RewriteBase /subdir1/subdir2

# 301 Redirect all requests that don't contain a dot or trailing slash to
# include a trailing slash
# but ignore POST requests.
#RewriteCond %{REQUEST_URI} !/$
#RewriteCond %{REQUEST_URI} !\.
#RewriteCond %{REQUEST_METHOD} !POST$
#RewriteRule ^(.*) %{REQUEST_URI}/ [R=301,L]

# Rewrites urls in the form of /parent/child/
# but only rewrites if the requested URL is not a file or directory
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?page=$1 [QSA]
</IfModule>

[rotezecke]

Did you also change/use the RewriteBase option in the .htaccess?
You should use it

I didn't. the htaccess file in the subdirectory only really has the authentication code in it. CMSMS lives in the root and its htaccess file contains all the mod_rewrite stuff, including

Code: Select all

RewriteBase /

[velden]

Sorry, missed that.

[rotezecke]

the only work-around was to add:

Code: Select all

 RewriteCond %{HTTPS} off

to the pretty URL conditions. that, I assume, will disabled pretty URLs for https but i dont use it at present.