WordPress.org

Ready to get started?Download WordPress

Forums

.htaccess - getting wordpress and password protected files to play well together (5 posts)

  1. skippybosco
    Member
    Posted 6 years ago #

    I have WordPress 2.51 up and running splendid using the following .htaccess in my root:

    # END Set Expire Date
    <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/html "access plus 1 seconds"
    ExpiresByType image/gif "access plus 2 years"
    ExpiresByType image/doc "access plus 1 weeks"
    ExpiresByType image/pdf "access plus 1 weeks"
    ExpiresByType image/zip "access plus 1 weeks"
    ExpiresByType image/jpeg "access plus 2 years"
    ExpiresByType image/png "access plus 2 years"
    ExpiresByType text/css "access plus 2 years"
    ExpiresByType text/javascript "access plus 2 years"
    ExpiresByType application/x-javascript "access plus 2 years"
    </IfModule>
    
    # END GZip if possible
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP:accept-encoding} gzip
    RewriteCond %{REQUEST_FILENAME} !^.+\.gz$
    RewriteCond %{REQUEST_FILENAME}.gz -f
    RewriteRule ^(.+) $1.gz [L]
    
    # If subdomain www exists, remove it first
    RewriteCond %{HTTP_HOST} ^www\.([^\.]+\.[^\.]+)$ [NC]
    RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
    # If requested resource does not exist as a file
    RewriteCond %{REQUEST_FILENAME} !-f
    # and does not end with a period followed by a filetype
    RewriteCond %{REQUEST_URI} !..+$
    # and does not end with a slash
    RewriteCond %{REQUEST_URI} !/$
    # then add a trailing slash and redirect
    RewriteRule (.*) $1/ [R=301,L]
    </IfModule>
    
    # WordPress upload fix
    <IfModule mod_security.c>
    <Files async-upload.php>
    SecFilterEngine Off
    SecFilterScanPOST Off
    </Files>
    </IfModule>
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/lectures/ [OR]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    I have a subdirectory, /podcasts, that I am password protecting using a .htaccess located in that directory:

    AuthType Digest
    AuthName "Protected PodCast"
    AuthDigestFile /usr/local/apache/conf/digest_passwd
    Require valid-user

    This works great if I remove the above .htaccess from the root of my server, but not if it exists.

    I've narrowed it down to this part of the root .htaccess that is breaking it:

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteBase /
    RewriteCond %{REQUEST_URI} ^/lectures/ [OR]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

    Any suggestions on how I can get this configuration to work?

    Thanks so much!

  2. DianeV
    Member
    Posted 6 years ago #

    Yep, I've seen the same thing, and not necessarily having anything to do with WordPress.

    I've been a little lazy about researching this but, essentially, it appears that on Apache web servers if there's an .htaccess file in a subfolder, whatever was in .htaccess file(s) above that does not pertain to the subfolder. Kind of as if the existence of an .htaccess in the subfolder wipes out any .htaccess instruction from above.

    Very annoying. :)

    The part that you've narrowed down is the WordPress mod_rewrite stuff; if this were me, I'd just copy it into the subfolder's .htaccess file.

  3. skippybosco
    Member
    Posted 6 years ago #

    Thanks Diane.

    I'm thinking somehow disabling the Rewrite Rules in the .htaccess may be the trick to getting the Digest security working?

    Surprised no one else has run into this before.

  4. skippybosco
    Member
    Posted 6 years ago #

    Ok, found the solution to my problem.

    For those having difficulties with mod-rewrite and subdirectories with protected content:
    --
    http://wordpress.org/support/topic/142943
    --
    Essentially the workaround is to add this into the root .htaccess just before the wordpress entry:

    ErrorDocument 401 /onerror.html
    ErrorDocument 403 /onerror.html
  5. DianeV
    Member
    Posted 6 years ago #

    Ah, I didn't realize from your description that that was the problem. Yes, I've had to do this myself on a number of sites.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags