Lets say you have this is the document root .htaccess:
1 2 3 |
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] |
This is the kind of rewrite that WordPress, Mambo and others use to provide SEO urls.
Now create a folder in the document root and add a .htaccess to the folder with commands to require HTTP Basic authentication.
Requests to the folder will end up being sent to /index.php and the application will generate a 404 error.
The fix is to change the rewrite rules to:
1 2 3 4 |
RewriteCond %{REQUEST_FILENAME} !\.shtml$ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] |
This allows the invisible /401.shtml request needed for authentication to skip the rewrite rule and function corrrectly.