htaccess vs password protected directories
-
19-09-2019 - |
Question
I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.
Will it still work, or does the directory actually have to physically exist on the server?
Clarification: While I may need to password protect the directory: http://sitename/category/protected/
mod_rewrite translates this to: index.php?category=category&directory=protected
So the actual directory does not exist. Is it still protectable?
Solution
You can add the access rules to the apache config file (httpd.conf or similar) in a Directory or Location tag instead of adding it in the .htaccess file.
OTHER TIPS
Your rewrite rules will ultimately point to some files in a directory on your system (unless they redirect users to some external location). The authentication setup should be on the underlying directory that will be accessed.