CodeIgniter htaccess + awstats password protected collision

Question

I've searched the web for a while and couldn't find the correct answer for the following problem:

I have a working .htaccess for codeigniter app (index.php removed ) which looks like this:

RewriteEngine On

RewriteCond %{HTTP_HOST} !^www\.mydomain\.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

And the /awstats/.htaccess has the following rules:

Options +ExecCGI
AddHandler cgi-script pl
DirectoryIndex awstats.pl 

AuthUserFile /home/MY_USER/domains/mydomain.com/public_html/awstats/.htpasswd
AuthType Basic
AuthName "AwStats Protection"

<LIMIT GET POST>
require valid-user
</LIMIT> 

When I did not use awstats with password protection -> everything worked just fine. After enabling password protection for awstats -> CI shows a 404 error when I try to access mydomain/awstats. how can that be fixed?

Note: mydomain.com / MY_USER is just for the sake of the example :-)

Answer 1

Instead of this:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

You can do this:

RewriteCond $1 !^(index\.php|favicon\.ico|favicon\.png|crossdomain\.xml|robots\.txt|images|css|js|awstats)
RewriteRule ^(.*)$ /index.php/$1 [L]

So you can explicitly grant access to anything that doesn't need to go through CI's front controller. This is a safer technique, but requires that you explicitly add every file and directory (e.g. images, css, etc).