while mod_rewrite + <Files "helloworld.txt"> + AuthUserFile

Discussion in 'Server Operation' started by hkendusers, Jan 12, 2017.

  1. hkendusers

    hkendusers New Member

    After installing Wordpress, there will be a rewrite config in .htaccess, and at the same time I want to use AuthUserFile to protect a file, hence my .htaccess set as below, however it does work as what I expected. Thanks a million.

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    <Files "helloworld.txt">
    AuthUserFile /var/www/clients/client0/web1/web/.htpasswd
    AuthType Basic
    AuthName "Admin Only"
    require valid-user
    Satisfy All
    </Files>

    Result: 404 error and the Wordpress redirects to 404 custimized error page
    server access log: 1.2.3.4 - - [12/Jan/2017:15:13:04 +0800] "GET /helloworld.txt HTTP/1.1" 404 30626 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0"

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    AuthUserFile /var/www/clients/client0/web1/web/.htpasswd
    AuthType Basic
    AuthName "Admin Only"
    require valid-user
    Satisfy All

    Result: Login windows prompted as expected, but it will protect whole directory, it is not what I want.
    server access log:
    1.2.3.4 - - [12/Jan/2017:15:12:20 +0800] "GET /helloworld.txt HTTP/1.1" 401 751 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0"
    1.2.3.4 - admin [12/Jan/2017:15:12:23 +0800] "GET /helloworld.txt HTTP/1.1" 200 295 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0"

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    Result: Access normally, as no any protection
    server access log: 1.2.3.4 - - [12/Jan/2017:15:11:50 +0800] "GET /helloworld.txt HTTP/1.1" 200 296 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0"

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------

    <Files "helloworld.txt">
    AuthUserFile /var/www/clients/client0/web1/web/.htpasswd
    AuthType Basic
    AuthName "Admin Only"
    require valid-user
    Satisfy All
    </Files>

    Result: Login windows prompted as expected, and only protecting helloworld.txt, it is what I want, but rewrite function not working anymore. Secondly it is weird that server access log is firstly 404, and then 304.
    server access log:
    1.2.3.4 - - [12/Jan/2017:15:08:47 +0800] "GET /helloworld.txt HTTP/1.1" 404 748 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0"
    1.2.3.4 - admin [12/Jan/2017:15:08:50 +0800] "GET /helloworld.txt HTTP/1.1" 304 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0"
     
  2. hkendusers

    hkendusers New Member

    can any one help solving it? Thanks a million
     

Share This Page