Django + basic http auth

Question

Hi, I am using Django via FastCGI. I have a non-django part of my website and I need to protect it with basic apache auth. Here is a part of my config:

RewriteEngine On
RewriteBase /

RewriteRule ^media(.*)$ - [L]
RewriteRule ^SUPERSECRET(.*)$ - [L]
RewriteRule ^images(.*)$ - [L]
RewriteRule ^robots.txt$ - [L]
RewriteRule ^(admin_media/.*)$ - [L]

RewriteRule ^(dispatch\.fcgi/.*)$ - [L]

RewriteRule ^(.*)$ dispatch.fcgi/$1 [L]

So SUPERSECRET dir should not be processed by django dispatcher. If there is no auth, anything is ok, but when I add .htaccess to SUPERSECRET dir:

AuthUserFile /home/user/site/SUPERSECRET/.htpasswd
AuthName "Members Area"
require valid-user

I get 401 failed auth error without any request to enter login & password, how should I fix my config files? Thanks!

Answer 1

Not sure if this will solve the issue, but the .htpasswd should not live in any directory that is accessible from the web.