I’ve been working on a site which uses the CodeIgniter PHP framework for a few days.
I added a custom CMS area to the site, which I wanted to place in a password-protected directory. I needed to turn the Rewrite Engine, (which CI uses extensively), off for the CMS’ URL but for some reason Apache throws a spaz if you try to use the ‘RewriteEngine off’ directive along with the ‘require valid-user’ directive.
Basically, the authentication was working as expected but for some reason the ‘RewriteEngine off’ directive was getting ignored… Strange, but a Google search indicates it’s a well-known bug. Easy to fix, though, with some edits to my .htaccess files.
RewriteEngine on RewriteCond $1 !^(index\.php|staticfiles|robots\.txt) RewriteCond $1 !^(401.shtml) RewriteRule ^(.*)$ /index.php/$1 [L]
RewriteEngine off AuthType Basic AuthName "Restricted Location" AuthUserFile "/home/website/.htpasswds/public_html/cms_dir/passwd" require valid-user