Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Installing SilverStripe /

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, Ed, biapar, Willr, Ingo, swaiba

Secure non-SS folder with htaccess

Go to End

5 Posts   2087 Views


Community Member, 150 Posts

14 September 2010 at 1:26am

Edited: 14/09/2010 1:26am

I ran into the following problem. I have a folder called 'old' in my SS root, where the old website of a client is located. Clients wants to be able to access the old site, so here's what I did:

1. Added .htaccess in /old with the following code:

<IfModule mod_rewrite.c> 
RewriteEngine Off 

=> I can access the folder /old!

2. Added the following code where 'user' is the correct site name:

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/user/.htpasswds/.htpasswd 
require valid-user

=> I constantly receive the 'Page-not-found-page'.

Can anybody tell me why? Have double checked the correct user name (path) and location of .htpasswd. Both .htaccess and .htpasswd have chmod 644.


Community Member, 8 Posts

24 February 2011 at 10:50pm

I have the exact same problem, but with two subdirectories instead of one. I've tried all sorts of RewriteCond in .htaccess but with no luck.
Does anyone know what to do?


Community Member, 2 Posts

11 May 2011 at 10:14am

I am also having this problem. For whatever reason, SS is taking over my password-protected folder even through I added the "RewriteCond %{REQUEST_URI} !^/customers/.*" line to my .htaccess file.

Anyone got an idea here?


Community Member, 2 Posts

11 May 2011 at 10:31am

Holy crap... I think I got it. On my server at least, Apache was trying to serve up 401.shtml in order to prompt the user for login credentials. Since SS had no specific rule to ignore that file, it took over and gave me the "Page Not Found" page instead. I had to add an additional line to SS's .htaccess file to ignore 401.shtml as well, and my login popup started working!

In this example, "customers" is my password-protected folder.

<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /

	RewriteCond %{REQUEST_URI} !^/customers/.* [NC] 
	RewriteCond %{REQUEST_URI} !^/401.shtml [NC] 
	RewriteCond %{REQUEST_URI} ^(.*)$
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]

I hope this helps anyone else with this issue.


Community Member, 130 Posts

24 May 2011 at 2:06am

Thanks Michigan Bob, thats been bugging me for a while. Well done :)