Hello,

I have CI running with my server root folder, wich has this .htaccess:

The problem is:

if I try to protect the editorial, or any other folder listed in the RewriteCond, with a .htaccess, it returns a “404 Page Not Found - The page you requested was not found” error.

How can I protect subfolders with htaccess? Wich modifications must I do? If you could please help me, I’d appreciate it.

Thanks in advance,

Put a .htaccess file in the folder you want to protect with the command

Also this might help: .htaccess files.

Thank you for the fast response.

It still doesn’t work. I’ve already tried those you’ve suggested and other, but it doesn’t work anyway.

Thanks. I’ll keep searching. If anyone has a suggestion, go ahead and give it.

Are you wanting to password protect the folder with .htaccess - or just generically prevent access from the public?

What page are you requesting to get the 404 error?

also the ‘.’ in rss20.xml should be escaped rss20\.xml - I don’t know if this is a typo in the post or actually in your code.

Do you want to protect your ‘editorial’ folder (ie: disallow access to it) or do you want to allow specific access to it?

If you’re getting a 404 when you try to access it, then I’d say it’s pretty well protected However, if you want to use HTTP Authentication, then you’d need to add it as you have done (escaping rss20.xml with rss20\.xml) as Codepat mentioned and then you can go ahead and add a second .htaccess file with HTTP Authentication specifics in the ‘editorial’ folder itself.

Jose,

Have you found a way around this problem yet?

I am having the same issue. I am using CI 1.5.3 and have the following .htaccess fie in my main directory (located in /home/client/public_html):

I have a folder called cms that I would like to restrict access to one user using basic authentication. I set it up using cpanel and currently have the following .htacess:

I get a 404 when trying to go to the cms folder.

Has anyone come across this issue before? Could it be the rewrite causing problems with the location of the password even though it sits a level below it on the server?

Thanks,
Ben

I’m still hving the same problem. And benmanson as put it way better than I have.

I have the exact problem he has. A dir, inside CI root, that has a .htaccess the same as benmanson’s. If I add the folder’s name to the list in the root’s .htaccess, all is good, and I have access. But, if I want to protect it with basic authentication, as soon as I put a .htaccess inside it, I no longer can access it, and CI returns a 404.

If anybody can help, I’d appreciate it.

Thanks in advance,

I am having this problem now, I have a back-end application which is not part of the CI app, and if I use htccess to protect it I get CI’s 404 error…

Any help would be greatly appreciated!

hi,

I couldn’t resolve this problem so I ended up integrating a simple user authentication system (I used SimpleLogin). It might not be an option for you but it solved things for me.

Hope that helps.

cheers
Ben

The problem is our project allotted 5 minutes for setting directory permissions, now it’s going on days…integrating an authentication system is definitely not an option. Now my boss is angry at me for using CI!

So did anyone ever find a solution to this problem. I’m in the same boat, I want to use basic server level auth for the admin area rather than rolling a CI based solution. I’m wondering if there’s a way to specify a password protected folder in httpd.conf as this is not reliant on a folder actually existing…

A friend suggested another option:

“...one approach you could look at is to physically create that folder, put your htaccess in it with the Basic Auth stuff but then also use a rewrite rule to pass the request back to /index.php”

I’m not sure exactly how to do that but if it works do post your results…

I figured out how to fix this.  When you do a basic authentication with htaccess the server will return a 401 code. This appears to prompt the server to send a file called 401.shtml to the browser.  I added the ‘401.shtml’ to my htaccess RewriteCond and that made it work:

I’m not sure if basic auth works like this on all server setups (I’m on a cPanel server) so if this doesn’t work for you here is how I figured it out. I turned on logging in the config file (this saves a log file to /system/logs)

Then you’ll need to change this line in system/libraries/Router.php:

to

Now when you visit your authenticated folder, you should get a logged message of what file the Router class is testing against.  Add whatever file that is, add it to your RewriteCond.  Mine said 401.shtml, so that is what I added, and wha-la it workd

Hope this helps.

James

nice resolution devtrench

devtrench - 07 March 2008 02:14 AM

I figured out how to fix this.

I might have spoken too soon… I just realized this morning that my entire site now has basic authentication on it :( Not sure how this happened, but I’ll look into it some more.  It’s unfortunate that CI messes up Basic Authentication with Apache this way.  Is it the same on all installs or just some server configurations??

I’ll post back when I figure out what’s going on.

James

devtrench - 07 March 2008 09:34 AM

I’ll post back when I figure out what’s going on.

Ok, this was simple - I was just linking to a file inside of the private directory.

Basically what I want to do is secure CI a little better by putting basic authentication on the applications and system directories.  I had a css file linking into the applications directory so I moved the authentication deeper in that directory where I really need it.

Once I did that, it solved my problem.

James