I almost spent 10 minutes trying to figure out a title for this post, as the problem I stumbled upon today is not easy to describe 😉
In a basic Apache environment, I have a rewrite rule routing every incoming request to another listening port. However I want just 1 directory to not be rerouted. So I used this .htaccess configuration:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^myhost.com$
RewriteCond %{REQUEST_URI} !^/dirnotrerouted
RewriteRule ^(.*)$ "http\:\/\/127\.0\.0\.1\:12000\/$1" [P,L]
Therefore every incoming request to http://myhost.com/whatever is redirected to http://myhost.com:12000/whatever and any access to http://myhost.com/dirnotrerouted/whatever is not rerouted. It works.
Now I want to add basic HTTP authentication to one of the directories inside dirnotrerouted. So I created a specific .htaccess file in the restricted directory:
AuthType Basic AuthName "Restricted area" AuthUserFile /path/to/.htpasswd Require valid-user
And now comes the problem: accessing http://myhost.com/dirnotrerouted/restricted is now being rerouted to http://myhost.com:12000/dirnotrerouted/restricted. Problem does not occur for other directories.
And now the solution: specify a 401 error document in the .htaccess file.
ErrorDocument 401 "Unauthorized Access" AuthType Basic AuthName "Restricted area" AuthUserFile /path/to/.htpasswd Require valid-user
This way your directory is now accessible without being redirected, and is using HTTP authentication.
Muriel
Thank you, this helped me 4 years later!