apache - .htaccess password protection doesn't work (redirects to 404) -
in public folder, have logs folder want protect using .htpasswd. app folder inside public (the site built in mind , wouldn't worth moving app). when try access password protected folder, redirects me 404. if take out mvc rewriting part, works. directory structure, in case helps.
root/ public/ app/ start.php .htaccess ... logs/ .htaccess .htpasswd errorlog.md index.php .htaccess vendor/ this part of .htaccess in /public think matters.
<ifmodule mod_rewrite.c> options -indexes rewriteengine on rewritebase / rewritecond %{http_cookie} !cfnw-user [nc] rewriterule ^resources/newspaper http://example.com/error/401 [nc,l] # force exclude trailing slash rewritecond %{request_filename} !-d rewritecond %{request_uri} (.*)/$ rewriterule ^(.+)/$ $1 [r=307,l] # allow files or directories exist displayed directly rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewriterule ^(.*)$ index.php?$1 [qsa,l] </ifmodule> this .htaccess in /logs.
authtype basic authname "log files. sensitive information." authuserfile /home/site/public/logs/.htpasswd require valid-user i'm wondering how can make password protection work without redirecting 404.
in .htaccess in /public folder, have removed autoindexing options -indexes. valid subfolders unless change again. because of this, when visitor arrives in folder /logs, there no index.html or index.php file, , autoindexing deactivated, there nothing apache show. afaik should have "403 forbidden" error, , not 404 not found.
so put in .htaccess file in public/logs folder
options +indexes
and check if have mod_autoindex loaded/enabled.
Comments
Post a Comment