apache - .htaccess password protection doesn't work (redirects to 404) -


in public folder, have logs folder want protect using .htpasswd. app folder inside public (the site built in mind , wouldn't worth moving app). when try access password protected folder, redirects me 404. if take out mvc rewriting part, works. directory structure, in case helps.

root/   public/     app/       start.php       .htaccess       ...     logs/       .htaccess       .htpasswd       errorlog.md     index.php     .htaccess   vendor/ 

this part of .htaccess in /public think matters.

<ifmodule mod_rewrite.c>     options -indexes      rewriteengine on     rewritebase /      rewritecond %{http_cookie} !cfnw-user [nc]     rewriterule ^resources/newspaper http://example.com/error/401 [nc,l]      # force exclude trailing slash     rewritecond %{request_filename} !-d     rewritecond %{request_uri} (.*)/$     rewriterule ^(.+)/$ $1 [r=307,l]      # allow files or directories exist displayed directly     rewritecond %{request_filename} !-f     rewritecond %{request_filename} !-d     rewriterule ^(.*)$ index.php?$1 [qsa,l] </ifmodule> 

this .htaccess in /logs.

authtype basic authname "log files. sensitive information." authuserfile /home/site/public/logs/.htpasswd require valid-user 

i'm wondering how can make password protection work without redirecting 404.

in .htaccess in /public folder, have removed autoindexing options -indexes. valid subfolders unless change again. because of this, when visitor arrives in folder /logs, there no index.html or index.php file, , autoindexing deactivated, there nothing apache show. afaik should have "403 forbidden" error, , not 404 not found.

so put in .htaccess file in public/logs folder

options +indexes

and check if have mod_autoindex loaded/enabled.


Comments

Popular posts from this blog

android - Pass an Serializable object in AIDL -

How to provide Authorization & Authentication using Asp.net, C#? -

How to use Authorization & Authentication in Asp.net, C#? -