Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2007-11-04 18:54:35
- rollo
- New Member
- Registered: 2006-04-22
- Posts: 6
Password-protected directory won't co-exist with Textpattern
Hi.
I would like to password-protect a subdirectory of the directory where Textpattern is installed, using HTTP Basic Authentication in an .htaccess file in the subdirectory.
Can’t do it. I’ve tried everything. Including, obviously, the “official” FAQ advice:
http://textpattern.com/faq/173/password-protected-directories-with-htaccess (ie, specify error pages). Doesn’t work. The directory is still visible. I’ve tried all permutations of the error-page filenames (they seem to be the ones recommended by my host anyway).
http://forum.textpattern.com/viewtopic.php?id=17729 (ie, add a rewrite condition to the .htaccess). Doesn’t work. Throws a Textpattern 404.
I’ve tried all combinations of ideas found on forums and from similar problems with Drupal and Wordpress, including tinkering with the index.php (even that didn’t work). Nothing allows Textpattern and a password-protected directory to exist at the same time.
Should I give up?
Help appreciated…
R
Offline
#2 2007-11-05 10:08:51
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Password-protected directory won't co-exist with Textpattern
Would you show us what your .htaccess looks like (in full), please?
Offline
#3 2007-11-06 01:45:42
- rollo
- New Member
- Registered: 2006-04-22
- Posts: 6
Re: Password-protected directory won't co-exist with Textpattern
Hi, thanks for the response.
The .htaccess in the subdirectory I want to protect looks like this:
ErrorDocument 401 [localpath]/401.shtml #these two lines following FAQ advice (files exist)
ErrorDocument 403 [localpath]/403.shtml
AuthType Basic
AuthUserFile [localpath]/.htpasswd #exists and correctly formatted
AuthName “Only for registered users”
require valid-user
Correction to my previous post. Uncommenting the ‘require valid-user’ line (as above) causes the Textpattern 404. Otherwise it (naturally) just allows access.
Hope that’s useful. This must be possible to fix.
PS1: If I chmod 700 the subdirectory, calling it in a browser produces the custom 403 error page specified above.
PS2: The .htaccess in the main TXP directory is standard:
#DirectoryIndex index.php index.html
#Options +FollowSymLinks
#RewriteBase /relative/web/path/
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^(.+) – [PT,L]
RewriteRule ^(.*) index.php </IfModule>#php_value register_globals 0
Last edited by rollo (2007-11-06 01:46:57)
Offline
#4 2007-11-06 20:44:05
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Password-protected directory won't co-exist with Textpattern
The ErrorDocument lines from the FAQ should be in your Txp .htaccess file, not the sub-directory’s. :)
Offline
#5 2007-11-07 01:19:09
- rollo
- New Member
- Registered: 2006-04-22
- Posts: 6
Re: Password-protected directory won't co-exist with Textpattern
Tried that already (along with other possible interpretations of the instructions).
Still gives a Textpattern 404. Seems that as long as Txp sees the subdirectory (and it’s readable) then it will ignore its .htaccess.
What to try next?
I appreciate the help.
Offline
#6 2007-11-07 23:38:38
- Mary
- Sock Enthusiast
- Registered: 2004-06-27
- Posts: 6,236
Re: Password-protected directory won't co-exist with Textpattern
Try adding to the sub-directory’s .htaccess:
<IfModule mod_rewrite.c>
RewriteEngine Off
</IfModule>Offline
#7 2007-11-08 09:43:15
- rollo
- New Member
- Registered: 2006-04-22
- Posts: 6
Re: Password-protected directory won't co-exist with Textpattern
I left it a day, then deleted the superfluous ErrorDocument lines from the subdirectory .htaccess.
For one of these reasons, the authentication now works fine.
Thanks very much for the pointers. Much appreciated.
Offline