Mod-Rewrite and Authentication compatibility

Fix it!!

Mod-Rewrite and Authentication compatibility

Postby johnnyl » Mon May 15, 2006 8:00 pm

Hey guys... I have narrowed down a problem I have been having and it may be due to a fundamental misunderstanding on my part...

It looks like it has to do with security, so I thought I would post it here. I don't know if this issue is specific to my hosting server, or generic.

My problem is as follows:
- I would like to keep all my rewrite code in the main directories .htaccess file
- When apache executes a RewriteRule from the main .htaccess and rewrites the URL to a directory with another .htaccess file requiring a valid-user a 401 page/error is returned if the browser has not already authenticated under this directory.

- So... When a rewrite from the main .htaccess returns a substituted URL pointing to a valid-user required subdirectory, rather than popping up a window and asking for authentication, it automatically fails and returns a 401.

- It seems I have two options:
1) Remove the valid-user required from the subdirectory
2) Splice up my rewrite code into various sub-directories which have valid-user requirements.

Is there any way around this problem so that I can have the rewrites all work from the main directory and still have various valid-user required directives on sub-directories?

Is this a general problem between rewrite and authentication, or is this something seemingly specific to my hosting server?

Thanks for any help...

Johnny
johnnyl
 
Posts: 1
Joined: Mon May 15, 2006 7:56 pm

Return to Security with Mod_Rewrite

Who is online

Users browsing this forum: No registered users and 8 guests

cron