Forum
htaccess password protection clashing with Perch Runway?
I've just put a Perch Runway site live. In the site structure is a folder containing pages that are not part of Runway but do some admin functions for the site. That folder is called (say) /siteadmin. While the site was being tested, this caused no issues.
The htaccess file in the root of the site contains these statements ...
RewriteEngine on
RewriteCond %{HTTPS} !on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
# Perch Runway
RewriteCond %{REQUEST_URI} !^/perch
RewriteCond %{REQUEST_URI} !^/siteadmin
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* /perch/core/runway/start.php [L]
That worked fine. Perch Runway worked and the files in /siteadmin also worked.
I now want to password-protect the /siteadmin folder so have used Basic htaccess protection.
These are the statements in the htaccess file inside /siteadmin ...
AuthType Basic
AuthName "Administration"
AuthUserFile "/home/********/.htpasswds/public_html/siteadmin/passwd"
require valid-user
If I now try to visit /siteadmin in a web browser, Perch Runway takes control and displays the 404 (page not found) page. If I 'comment out' the 4 lines in /siteadmin htaccess, I can once again get access to the files inside /siteadmin.
I'm guessing I need some changes to the htaccess statements in the root folder, to stop Perch Runway interfering. Can anyone help please?
Thanks, Graham
I would exclude the
siteadmin
folder from the rewrite rules.More here: https://24ways.org/2013/url-rewriting-for-the-fearful/
Isn't the second line of the Perch Runway RewiteCond's doing this?
I've tried excluding the folder (in various places) but it doesn't appear to make any difference. Where should this go and should it be /siteadmin?
Oh yes, missed that.
Another approach is to put your siteadmin htaccess file in the siteadmin folder and turn of rewrites in that folder.
Tried turning off rewrites in the folder too, but that didn't fix it. Finally found the solution, just in case someone else hits this ...
What's actually happening is that the first visit to the folder is not authorised (no username and password has yet been provided in the Basic Auth popup) and therefore this causes a 401 error. As there's no 401 page available, a 404 is returned and Runway is collecting this and displaying the website's 404 page. The problem is solved by adding an extra line to the htaccess file in /siteadmin so it looks like this ...
And if I could 'mark as solution' on my own posting, then I would -- Graham