tags:

views:

146

answers:

2
+1  Q: 

htaccess vs password protected directories

I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.

Will it still work, or does the directory actually have to physically exist on the server?

Clarification: While I may need to password protect the directory: http://sitename/category/protected/

mod_rewrite translates this to: index.php?category=category&directory=protected

So the actual directory does not exist. Is it still protectable?

+1  A: 

You can add the access rules to the apache config file (httpd.conf or similar) in a Directory or Location tag instead of adding it in the .htaccess file.

Anders Westrup  2010-03-11 09:32:42
A: 

Your rewrite rules will ultimately point to some files in a directory on your system (unless they redirect users to some external location). The authentication setup should be on the underlying directory that will be accessed.

ar  2010-03-11 09:32:42
The directory doesn't exist, which is the issue. mod_rewrite fakes the whole thing.
Meep3D  2010-03-11 09:36:51
Your mod_rewrite redirects to your `index.php` file, so either put a `.htaccess` file next to it, or as Anders suggested put the configuration into the main apache config and either use `<Location>` to match urls or `<Directory>` to match directories on the filesystem or even `<Files>` to match index.php specifically. See http://httpd.apache.org/docs/2.2/sections.html for more information.
ar  2010-03-11 12:01:24

related questions

How do I write Firefox add-on that automatically enters proxy passwords?
Login Integration in PHP
Strange Rails Authentication Issue
Concurrent logins in a web farm
Is there a browser equivalent to IE's ClearAuthenticationCache?
How can I authenticate using client credentials in WCF just once?
Why can't I connect to my CAS server with Perl's AuthCAS?
Best Solution For Authentication in Ruby on Rails
Authenticate on an ASP.Net Forms Authorization website from a console app
How do I use NTLM authentication with Active Directory
What have you used Windows CardSpace for, if anything
Forms Authentication across Applications
Retreiving the PC Name of a Client? (Windows Auth)
How would you implement FORM based authentication without a backing database?
What's the best way to authenticate over WCF?
Only accepting certain ajax requests from authenticated users
OpenID authentication in Ruby on Rails
OpenID Attribute Exchange - should I use it?
OpenID: which provider should I recommend to my users?
What to use for login ID?
ASP.NET authentication: user name Vs User ID
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Checklist for IIS 6/ASP.NET Windows Authentication?
The Definitive Guide To Website Authentication