EllisLab text mark
Advanced Search
1 of 2
1
   
htaccess in subdir returns error
Posted: 17 July 2007 06:28 PM
Avatar
Joined: 2006-03-04
3 posts

Hello,

I have CI running with my server root folder, wich has this .htaccess:

RewriteEngine on
RewriteBase 
/
RewriteCond $!^(index\.php|css|js|rss20.xml|images|editorial|testes|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L] 

The problem is:

if I try to protect the editorial, or any other folder listed in the RewriteCond, with a .htaccess, it returns a “404 Page Not Found - The page you requested was not found” error.

How can I protect subfolders with htaccess? Wich modifications must I do? If you could please help me, I’d appreciate it.

Thanks in advance,

 
Posted: 17 July 2007 07:38 PM   [ # 1 ]   [ Rating: 0 ]
Joined: 2006-02-06
117 posts

Put a .htaccess file in the folder you want to protect with the command

RewriteEngine off
deny from all 

Also this might help: .htaccess files.

 Signature 

My Blog, I work at Erskine Design

 
Posted: 17 July 2007 08:06 PM   [ # 2 ]   [ Rating: 0 ]
Avatar
Joined: 2006-03-04
3 posts

Thank you for the fast response.

It still doesn’t work. I’ve already tried those you’ve suggested and other, but it doesn’t work anyway.

Thanks. I’ll keep searching. If anyone has a suggestion, go ahead and give it.

 
Posted: 18 July 2007 05:43 AM   [ # 3 ]   [ Rating: 0 ]
Joined: 2006-02-06
117 posts

Are you wanting to password protect the folder with .htaccess - or just generically prevent access from the public?

What page are you requesting to get the 404 error?

also the ‘.’ in rss20.xml should be escaped rss20\.xml - I don’t know if this is a typo in the post or actually in your code.

 Signature 

My Blog, I work at Erskine Design

 
Posted: 18 July 2007 05:49 AM   [ # 4 ]   [ Rating: 0 ]
Joined: 2007-06-19
3 posts

Do you want to protect your ‘editorial’ folder (ie: disallow access to it) or do you want to allow specific access to it?

If you’re getting a 404 when you try to access it, then I’d say it’s pretty well protected wink However, if you want to use HTTP Authentication, then you’d need to add it as you have done (escaping rss20.xml with rss20\.xml) as Codepat mentioned and then you can go ahead and add a second .htaccess file with HTTP Authentication specifics in the ‘editorial’ folder itself.

 
Posted: 23 July 2007 11:32 PM   [ # 5 ]   [ Rating: 0 ]
Joined: 2007-01-16
18 posts

Jose,

Have you found a way around this problem yet?

I am having the same issue. I am using CI 1.5.3 and have the following .htaccess fie in my main directory (located in /home/client/public_html):

RewriteEngine on
RewriteCond 
$!^(index\.php|images|css|cms|scripts|ssi|slideshow|sifr|tinymce|filemanager|robots\.txt)
RewriteRule ^(.*)$ index.php/$1 [L] 

I have a folder called cms that I would like to restrict access to one user using basic authentication. I set it up using cpanel and currently have the following .htacess:

RewriteEngine off
AuthType Basic

AuthName 
"cms"

AuthUserFile "/home/client/.htpasswds/cms/passwd"

require valid-user 

I get a 404 when trying to go to the cms folder.

Has anyone come across this issue before? Could it be the rewrite causing problems with the location of the password even though it sits a level below it on the server?

Thanks,
Ben

 
Posted: 24 July 2007 07:10 AM   [ # 6 ]   [ Rating: 0 ]
Avatar
Joined: 2006-03-04
3 posts

I’m still hving the same problem. And benmanson as put it way better than I have.

I have the exact problem he has. A dir, inside CI root, that has a .htaccess the same as benmanson’s. If I add the folder’s name to the list in the root’s .htaccess, all is good, and I have access. But, if I want to protect it with basic authentication, as soon as I put a .htaccess inside it, I no longer can access it, and CI returns a 404.

If anybody can help, I’d appreciate it.

Thanks in advance,

 
Posted: 12 January 2008 08:14 PM   [ # 7 ]   [ Rating: 0 ]
Joined: 2007-10-15
51 posts

I am having this problem now, I have a back-end application which is not part of the CI app, and if I use htccess to protect it I get CI’s 404 error…

Any help would be greatly appreciated!

 
Posted: 12 January 2008 08:35 PM   [ # 8 ]   [ Rating: 0 ]
Joined: 2007-01-16
18 posts

hi,

I couldn’t resolve this problem so I ended up integrating a simple user authentication system (I used SimpleLogin). It might not be an option for you but it solved things for me.

Hope that helps.

cheers
Ben

 
Posted: 16 January 2008 01:13 PM   [ # 9 ]   [ Rating: 0 ]
Joined: 2007-10-15
51 posts

The problem is our project allotted 5 minutes for setting directory permissions, now it’s going on days…integrating an authentication system is definitely not an option. Now my boss is angry at me for using CI!

 
Posted: 15 February 2008 10:13 AM   [ # 10 ]   [ Rating: 0 ]
Avatar
Joined: 2005-10-14
646 posts

So did anyone ever find a solution to this problem. I’m in the same boat, I want to use basic server level auth for the admin area rather than rolling a CI based solution. I’m wondering if there’s a way to specify a password protected folder in httpd.conf as this is not reliant on a folder actually existing…

 Signature 

Nathan Pitman - Nine Four

Follow us on Twitter - ExpressionEngine Add ons from Nine Four

 
Posted: 15 February 2008 10:54 AM   [ # 11 ]   [ Rating: 0 ]
Avatar
Joined: 2005-10-14
646 posts

A friend suggested another option:

“...one approach you could look at is to physically create that folder, put your htaccess in it with the Basic Auth stuff but then also use a rewrite rule to pass the request back to /index.php”

I’m not sure exactly how to do that but if it works do post your results…

 Signature 

Nathan Pitman - Nine Four

Follow us on Twitter - ExpressionEngine Add ons from Nine Four

 
Posted: 07 March 2008 04:14 AM   [ # 12 ]   [ Rating: 0 ]
Avatar
Joined: 2007-09-06
6 posts

I figured out how to fix this.  When you do a basic authentication with htaccess the server will return a 401 code. This appears to prompt the server to send a file called 401.shtml to the browser.  I added the ‘401.shtml’ to my htaccess RewriteCond and that made it work:

RewriteEngine On
RewriteBase 
/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond 
%{REQUEST_FILENAME} !-d
RewriteCond 
$!^(401.shtml)
RewriteRule ^(.*)$ /index.php/$1 [L] 

I’m not sure if basic auth works like this on all server setups (I’m on a cPanel server) so if this doesn’t work for you here is how I figured it out. I turned on logging in the config file (this saves a log file to /system/logs)

Then you’ll need to change this line in system/libraries/Router.php:

// Can't find the requested controller...
show_404(); 

to

// Can't find the requested controller...
show_404($segments[0]); 

Now when you visit your authenticated folder, you should get a logged message of what file the Router class is testing against.  Add whatever file that is, add it to your RewriteCond.  Mine said 401.shtml, so that is what I added, and wha-la it workd smile

Hope this helps.

James

 
Posted: 07 March 2008 04:23 AM   [ # 13 ]   [ Rating: 0 ]
Avatar
Joined: 2007-09-07
202 posts

nice resolution devtrench smile

 Signature 

Restrict who can interact with your PHP application
Get Developer Access

 
Posted: 07 March 2008 11:34 AM   [ # 14 ]   [ Rating: 0 ]
Avatar
Joined: 2007-09-06
6 posts
devtrench - 07 March 2008 09:14 AM

I figured out how to fix this.

I might have spoken too soon… I just realized this morning that my entire site now has basic authentication on it :( Not sure how this happened, but I’ll look into it some more.  It’s unfortunate that CI messes up Basic Authentication with Apache this way.  Is it the same on all installs or just some server configurations??

I’ll post back when I figure out what’s going on.

James

 
Posted: 09 March 2008 04:48 AM   [ # 15 ]   [ Rating: 0 ]
Avatar
Joined: 2007-09-06
6 posts
devtrench - 07 March 2008 04:34 PM

I’ll post back when I figure out what’s going on.

Ok, this was simple - I was just linking to a file inside of the private directory.

Basically what I want to do is secure CI a little better by putting basic authentication on the applications and system directories.  I had a css file linking into the applications directory so I moved the authentication deeper in that directory where I really need it.

Once I did that, it solved my problem.

James

 
1 of 2
1