.htaccess is interfering with nested .htaccess/.htpasswd?

Question

I'm using Simple Mailing List (http://www.notonebit.com/projects/mailing-list). It's good mailing list, but no admin area. So you have to use .htaccess/.htpasswd to protect the /mail/admin folder.

However, my site has WordPress installed in the website's root folder. WordPress creates .htaccess for custom permalinks. And for some reason, this interferes with the .htaccess of my /mail/admin/.

When I delete the WordPress .htaccess file, my password protection works properly on /mail/admin. However, when the WordPress .htaccess is present and I load /mail/admin in browser, I'm never asked for a password and I see a WordPress 404 page that says "page not found..."

Here are my files... WordPress .htaccess (located in root folder):

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Mailing List .htaccess (located in /mail/admin):

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/myUsername/public_html/mySndSite/mail/admin/.htpasswd 
require valid-user

Any idea as to what is causing the conflict, and how I can resolve it? Been working at it for hours. Your help is much appreciated.

Thank You

EDIT: found a solution!

Found a solution on a Joomla blog. I don't know how, but this works... LOL :)

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteRule ^index\.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|#.*|\?.*|/[^.]*)$  [NC]
RewriteRule ^(.*) /index.php [L]
</IfModule>

Answer 1

You could try explicitly setting a conditional that the request URI not match the url for the mail script. That should prevent the rewrite from kicking in when you view the mail admin page.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !mail
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Answer 2

I think there must be something else going on here that we can't see. That Wordpress .htaccess code already prevents rewriting URLs when what you are trying to access is a file or a directory that exists on the server, which should be true in this case.

Are there any other .htaccess files involved anywhere, or any plugins installed in Wordpress that involve rewrites? Also, does /mail/admin/ work when you remove your .htaccess file that requires a password?

You could try, say, creating blank text files inside the /mail/admin/ directory and in a completely new folder in the root directory, and see if you can access those without any problems - might narrow down where the problem is.