Jump to:

4873 Posts in 7171 Topics by 1471 members

Installing SilverStripe

SilverStripe Forums » Installing SilverStripe » Secure non-SS folder with htaccess

Getting SilverStripe up and running on your computer and on your web server.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1632 Views
  • klikhier
    Avatar
    Community Member
    150 Posts

    Secure non-SS folder with htaccess Link to this post

    I ran into the following problem. I have a folder called 'old' in my SS root, where the old website of a client is located. Clients wants to be able to access the old site, so here's what I did:

    1. Added .htaccess in /old with the following code:

    <IfModule mod_rewrite.c>
    RewriteEngine Off
    </IfModule>

    => I can access the folder /old!

    2. Added the following code where 'user' is the correct site name:

    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /home/user/.htpasswds/.htpasswd
    require valid-user

    => I constantly receive the 'Page-not-found-page'.

    Can anybody tell me why? Have double checked the correct user name (path) and location of .htpasswd. Both .htaccess and .htpasswd have chmod 644.

  • elsbth
    Avatar
    Community Member
    8 Posts

    Re: Secure non-SS folder with htaccess Link to this post

    I have the exact same problem, but with two subdirectories instead of one. I've tried all sorts of RewriteCond in .htaccess but with no luck.
    Does anyone know what to do?

  • michiganbob2k
    Avatar
    Community Member
    2 Posts

    Re: Secure non-SS folder with htaccess Link to this post

    I am also having this problem. For whatever reason, SS is taking over my password-protected folder even through I added the "RewriteCond %{REQUEST_URI} !^/customers/.*" line to my .htaccess file.

    Anyone got an idea here?

  • michiganbob2k
    Avatar
    Community Member
    2 Posts

    Re: Secure non-SS folder with htaccess Link to this post

    Holy crap... I think I got it. On my server at least, Apache was trying to serve up 401.shtml in order to prompt the user for login credentials. Since SS had no specific rule to ignore that file, it took over and gave me the "Page Not Found" page instead. I had to add an additional line to SS's .htaccess file to ignore 401.shtml as well, and my login popup started working!

    In this example, "customers" is my password-protected folder.

    <IfModule mod_rewrite.c>
       SetEnv HTTP_MOD_REWRITE On
       RewriteEngine On
       RewriteBase /

       RewriteCond %{REQUEST_URI} !^/customers/.* [NC]
       RewriteCond %{REQUEST_URI} !^/401.shtml [NC]
       RewriteCond %{REQUEST_URI} ^(.*)$
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteRule .* sapphire/main.php?url=%1&%{QUERY_STRING} [L]
    </IfModule>

    I hope this helps anyone else with this issue.

  • ambient
    Avatar
    Community Member
    113 Posts

    Re: Secure non-SS folder with htaccess Link to this post

    Thanks Michigan Bob, thats been bugging me for a while. Well done

    1632 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.