I have a folder under the root of my Drupal installation that I want to password protect.

Accessing this folder without a .htaccess file works fine. If I add a .htaccess file with the usual password protect content, Drupal starts spitting back a "Page Not Found" error instead of prompting me for a password for the folder.

Comments

AmrMostafa’s picture

Priority: Critical » Normal

I've tried password-protecting a folder inside my Drupal root using .htaccess and the instructions from the Apache manual and it worked fine.

If you feel this might be a configuration problem in your end, please set the issue category to 'support'. Thanks.

And this is not critical actually :-)

denney’s picture

Project: Drupal core » Pathauto
Version: 5.1 » 5.x-2.x-dev
Component: path.module » Code

Hmm... must be my use of Path-auto then. I don't know if this is a configuration error because password protection OUTSIDE the Drupal folder works fine.

I've changed this to the path-auto project because this may be the problem.

BTW... setting priority to critical was a mistake. I must have clicked it when I was writing the bug. sorry.

greggles’s picture

What makes you think that this is caused by pathauto and not just path module? Pathauto merely creates url_aliases automatically. Try disabling the pathauto module and see if you still have the problem. That should show whether it is from pathauto or not.

greggles’s picture

Status: Active » Postponed (maintainer needs more info)

I'm inclined to mark this as "won't fix" because I don't understand how this could be pahtauto's to fix. I'll leave it as needs more info for a while...

denney’s picture

Project: Pathauto » Path
Version: 5.x-2.x-dev »

Yeah, you're right. This is caused by the Path module I believe as I have disabled ALL my 3rd party modules and the issue still exists.

denney’s picture

OK, I've narrowed it down to the following lines in the .htaccess file of Drupal...

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

Removing the first and second lines make no difference. Removing the last line though and the subdirectory works.

r0g’s picture

Just had this myself.. adding the follwing too my .htaccess ( the one in the subfolder ) worked a treat.

ErrorDocument 401 "Unauthorized"

as per: http://drupal.org/node/30334#comment-125799

r0g.

greggles’s picture

Status: Postponed (maintainer needs more info) » Closed (works as designed)

So, I think we can say this is by design and just requires configuration and/or better documentation.

Denny and/or r0g - could either of you write up a handbook page based on that comment and then link to it from this issue? That would really help reduce the problem for other people in the future.

denney’s picture

I've created a simple page at http://drupal.org/node/145227 explaining the problem with the solution provided by r0g. Feel free to modify and update it as it's my first handbook page.

greggles’s picture

I don't know much about that area of apache configuration - but I do want to say a big thanks for documenting that! It looks great to me.