Hey guys... I have narrowed down a problem I have been having and it may be due to a fundamental misunderstanding on my part...
It looks like it has to do with security, so I thought I would post it here. I don't know if this issue is specific to my hosting server, or generic.
My problem is as follows:
- I would like to keep all my rewrite code in the main directories .htaccess file
- When apache executes a RewriteRule from the main .htaccess and rewrites the URL to a directory with another .htaccess file requiring a valid-user a 401 page/error is returned if the browser has not already authenticated under this directory.
- So... When a rewrite from the main .htaccess returns a substituted URL pointing to a valid-user required subdirectory, rather than popping up a window and asking for authentication, it automatically fails and returns a 401.
- It seems I have two options:
1) Remove the valid-user required from the subdirectory
2) Splice up my rewrite code into various sub-directories which have valid-user requirements.
Is there any way around this problem so that I can have the rewrites all work from the main directory and still have various valid-user required directives on sub-directories?
Is this a general problem between rewrite and authentication, or is this something seemingly specific to my hosting server?
Thanks for any help...
Johnny