I’ve got WordPress installed in the root directory of my web server, and it puts the following rewrite rules into the root .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
In the subdirectory forum
is another PHP application that needs to be protected by HTTP Basic auth. As you would expect there is a .htaccess
file in the forum
directory which looks like this:
AuthType Basic
AuthName MembersArea
AuthUserFile /home/user/public_html/needsecure/.cnk-htpasswd_db/.1_htpasswd
require valid-user
Now the RewriteCond
statements in the root .htaccess
file should, as far as I can tell, ensure that if a user visits a subdirectory directly then no rewriting should occur. Same for a physical file, and for files named index.php
. Yet when visiting /forum
, /forum/
or even /forum/index.php
the WordPress 404 page shows.
I tried excluding the forum
directory from the rewrite rules altogether with
RewriteCond %{REQUEST_URI} ^forum/
before the final rewrite rule, which didn’t work. I also tried
RewriteRule ^forum(.*)$ - [L]
above all the other rules, and that too didn’t work. I even tried RewriteEngine Off
in forum/.htaccess
and that didn’t work.
If I remove the WordPress rewrite rules it fixes the problem, and if I remove the basic auth rules it fixes the problem. It’s only when both are present that it goes wrong: It’s as if the basic auth completely breaks the rewrite conditions. Is this a known thing?
Any suggestions? This is getting on my nerves now, I’ve been messing with it all night.
To exclude the forum directory from the wordpress Rule add the condition as below