Password protect a directory inside CakePHP webroot dir

Question

For all kinds of reasons, I have a dir inside app/webroot/ that needs protection (/files). I'm not familiar with the inner workings of CakePHP, because I hired someone for this project. This person, however, can not supply an answer. It's also not feasible to move the directory.

What I tried was placing a .htaccess inside the app/webroot/files/ and link to an .htpasswd file outside the the regular file tree. This does not work, I'm getting a 401 error. Placing the .htpasswd inside the same dir doesn't change anything.

From other questions I have gathered that I need to modify the other .htaccess files used by CakePHP, but it's not clear to my how.

The one other question that looks like mine is about protecting the entire webroot dir, which is not what I need.

I also tried securing the files with a PHP download script that checked the session, but somehow that is often failing with my clients, not sure why.

Answer 1

The HTTP 401 status (note: 'status', not 'error') is the 'Unauthorized' status, which is precisely the status you need for unauthorized people. This sort of suggests to me that the protecting works, but that checking the authorization credentials to allow access fails.

It might help if you post your .htaccess code (leave out any sensitive data of course ;) )