The .htaccess in the most matching directory superseedes another one. For Example the one in /private/ will superseede the one in /.
While you’re reading this, you might ask yourself then, why the hell is /private then not working like expected? Well, because Apache things that private is a file inside / and not the directory /private/ (see the slash (/) at the end.
The overall problem is called canonical URLs. That means, URLs that end in a directory should be auto-slashed by a redirect.
You can find this explained as the first Example in the Url-Rewriting-Guide in Apache 1.3 Configuration.
Yeah, except that doesn’t explain why “foo” works just fine, and adding a / to the end of private doesn’t help.
oh, also if i remove .htaccess from private it starts working. so i guess i’m confused why if the private .htaccess says nothing about redirection, does it go all funny?
bignose, now I completely can not follow you any more. The way you write is too chaotic for me so I can recorgnize a known pattern. Please excuse but my english is not my mother-language and I do not know your very certain server setup.
Pretty simple… 🙂
http://www.bignose.ca/foo and http://www.bignose.ca/foo/ both work as desired.
http://www.bignose.ca/private and http://www.bignose.ca/private/ do not work.
The only difference between foo and private, is that private contains a .htaccess file that looks like this:
require valid-user
AuthName “MacDonald Family Only”
AuthUserFile /usr/home/bignose/www-etc/macdonald.pwd
AuthType basic
Jeff.
The problem with using subdirectories with authentication is a known issue. A workaround is to create an empty file in your web root called “onerror.html” and then to add these lines to the main .htaccess, before the WordPress rules:
ErrorDocument 401 /onerror.html
ErrorDocument 403 /onerror.html
Change the path as appropriate for your setup, of course.
If you want to know *why* this works, then the answer is a bit involved… password protection works by the protected directory throwing a 401 error back to the browser when it doesn’t send the right credentials. But a 401 error can still have content. In this case, the 401 error is intercepted by WordPress’ rewrite rules and redirected to WordPress. By pre-empting it with a ErrorDocument, you make the rewrite condition of !-f fail because the file exists, and thus WordPress won’t attempt to take over 401 errors any more.
Otto42 : Thank you ! 🙂
I haven’t tried it yet, but I do appreciate you taking time to explain it. Many thanks.
Jeff.
Works perfectly, thanks.
Should something like this be added to workpress, or made into a plugin of sorts?
Jeff.
