Strange Apache Behaviour with mod_rewrite and Basic Auth

I’ve been having a bizarre problem with Apache recently. On the Fordham Church website, we use the MODx Content Management System. MODx comes with an Apache .htaccess file, which uses mod_rewrite to give you nice URLs. For example, instead of http://www.fordhamchurch.org.uk?id=9, you get http://www.fordhamchurch.org.uk/services.html.

This worked fine for ages, until recently: I wanted to add a wiki to the website in order to document it — how to update the website, how to update email addresses etc etc. Because this data was relatively sensitive (I wouldnt’ want anyone to log in and edit it), I wanted to add password protection in using Apache’s Basic Authentication.

So, I created the wiki in a subdirectory, and then added in password protection. This did not work. Long story short, I tried a whole bunch of stuff but nothing seemed to work. For some reason, when you have mod_rewrite on, Apache doesn’t like it when you password protect a subdirectory.

After searching around a bit, I came across this thread, which seemed to explain it a bit. Sure enough, I tried adding in an ErrorDocument 401 directive to the parent directory’s .htaccess file and it works fine.

I post this in the hope that it might help others struggling with the same issue!

Advertisements