Home » Beyond the Basics » HowTos » Server and database

Configuring .htaccess to ignore specific subfolders

·
Last modified: April 19, 2009 - 20:47

Ignoring Subfolders that exist in the DocumentRoot

With clean URL's enabled, when running other software applications in subfolders (subdirectories) of a Drupal root installation. your .htaccess file may rewrite those URL's to Drupal. This may be a particular problem for those with a Drupal installation in the root of their domain using Cpanel and Fantastico where Fantastico installs other software into subfolders. For example, phpSurveyor's admin interface as installed by Fantastico will not work with Drupal's default .htaccess settings. The URL for the admin interface is inaccessible and will return a "page not found" page in your Drupal site.

The trick is to modify .htaccess to ignore specific files/folders. So for example, if you have two folders, <folder1> and <folder2> in the root of your Drupal installation, modify your .htaccess file by inserting the following code directly after the "RewriteEngine on" directive, before the Drupal rewrites:

=========[ start of .htaccess snippet]==========
<IfModule mod_rewrite.c>
  RewriteEngine on
  #
  # stuff to let through (ignore)
  RewriteCond %{REQUEST_URI} "/folder1/" [OR]
  RewriteCond %{REQUEST_URI} "/folder2/"
  RewriteRule (.*) $1 [L]
  #
====================[ end ]=====================

For each folder you want to bypass, add a RewriteCond line, and end all but the final RewriteCond with [OR]. Note that the [L] in the rewrite rule tells it to stop there and bypass the rest of the rewrite rules.

Ignoring subfolders that are included via Apache Alias directives

As of 4.7, files and directories should be automatically allowed through in drupal's .htaccess setup. Thats what the !-f and !-d lines do.

However if you are working with Apache Alias or similar directives the file doesn't actually exist so drupal will take over like it should. The best way around it is to just add one more conditional that matches your location and make it skip it too. Thats what the ! means. Please see below:

RewriteCond %{REQUEST_URI} !^/yourDirectoryName
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

It essentially means Apply this rule if the REQUEST_URI doesn't start with /yourDirectoryName and the REQUEST_FILENAME isn't a real file or a real folder. Which is exactly what you want. There is an implied "AND" between the lines of that rule. The ! says "not like this".

Restore support for other Directory Index Files (index.htm)

Drupals .htaccess file also includes a line (DirectoryIndex) that gives instructions "If asked for a directory path, return the index.php file found in that directory". This replaces the normal webserver behaviour that usually says "return the index.htm file found there".

The good news, it that it's easy to say both. And that's what we need to do to allow other folders of HTML content to co-exist with Drupal and server them as expected.

Method 1 - Allow index.html anywhere

Edit Drupals .htaccess file and change the DirectoryIndex line to read:

DirectoryIndex index.php index.html index.htm

Now index.htm and .html files may be served if no index.php is found. You can add other filenames as needed.

Method 2 - Allow html (and folder listings) in the subdirectory

You may also avoid changing Drupals .htaccess, and just set the preferences for the relevant subfolder. This is a little more specific, accurate, and maybe secure.

Create a new .htaccess file in the target folder, eg folder1/.htaccess
Add the lines

DirectoryIndex index.php index.html index.htm
Options +Indexes

Now index.htm and .html files may be served from there.
Additionally, the default Apache 'raw folder listing' behaviour has been restored, so you can see where you are even if there is no index file in the folder. This is optional, but may be useful to you. It is advised you do not allow folder listings at the Drupal level.

There's a heap more possible, but it's all in the Apache Docs so go there for more info and examples.
You may also want to adjust the 404 behaviour for that subfolder too.

» Login or register to post comments

Problem when page requires authentication

massimoi - January 8, 2007 - 14:50

You will notice that the default .htaccess will not work if your page requires authentication (ie: it contains another .htaccess that requests username and passowrd to the user).

In order to get it working you should prepare a file called
401.shtml
and put it into your root directory

/home/mysite/www/

See also this node, great help
http://drupal.org/node/52465#comment-106353

________________________________________________________
Massimoi :-] - http://impronta48.it - http://www.nkoni.org

Login or register to post comments

Apache basic authentication in subdirectories

-ds- - October 1, 2008 - 18:49

After a massive headache and trying all sorts of htaccess rewrites in different places - the solution is rather simple:

Add this line to the beginning of the .htaccess file in your subdirectory you are trying to protect:

ErrorDocument 401 "Unauthorized"

From here: http://drupal.org/node/64708

Login or register to post comments

You're a godsend, -ds-

Caleb G - January 12, 2009 - 03:39

Thanks so much for posting that - I've been going totally nuts trying to figure this out!

~~~
HigherVisibility

Login or register to post comments

DirectoryIndex index.php index.html

sm5por - February 24, 2008 - 23:34

I had (or at least I thought I had) the same problem trying to access my Webalizer subfolder, as I got nothing but 403 Forbidden responses ("You don't have permission to access /webalizer/ on this server.") after I had authenticated myself. The way my hosting company has configured their server, the webalizer directory is owned by root and I can't modify its .htaccess file or other contents, only read it.

After some failed attempts using the RewriteEngine to bypass Drupal, I realized that Drupal wasn't really at fault, but that I was in effect asking for a directory listing in spite of Options -Indexes in the .htaccess file (put there by Drupal, of course). Webalizer uses index.html for its main statistics page, and when I explicitely added that filename to my URL, the problem disappeared.

Eventually, I added index.html to the DirectoryIndex directive, where Drupal only requires index.php to work. I believe that won't impact security as much as enabling Indexing across the website would.

Login or register to post comments

thanks

robBrennan - September 28, 2008 - 23:09

this helped me as I was trying to add some static non-drupal content to the domain I was working on.

In addition to the issues above I had a basic file permissions error so I had to chmod 755 all my files too (just in case this trips anyone else up).

Login or register to post comments

For users who have Drupal 6.x installed in the root directory

Sam308 - April 8, 2009 - 19:03

I have Drupal 6.10 and searched all the forums, but could not find a simple solution that worked. Below is a simple solution that works.

For users who have Drupal 6.x installed in the root directory of the domain, do the following:

The ONLY thing you need to do to gain http access to a sub-directory in your domain if Drupal 6.x is installed in the domain’s root is to create and add an .htaccess file containing the following single line of code to the sub-directory.

.htaccess file
-------------

ErrorDocument 401 "Unauthorized"

My particular situation:

Drupal 6.10 installed in the root of mydomain.com.
Clean URLs enabled and using the third party pathauto module.

Needed to allow customer access to:

mydomain.com/customers/customer-001
mydomain.com/customers/customer-002
mydomain.com/customers/customer-003
mydomain.com/customers/customer-004
mydomain.com/customers/customer-xxx (ect...)

where each of the individual mydomain.com/customers/customer-xxx sub-directories are username / password protected.

Note, these mydomain.com/customers/customer-xxx password protected sub-directories already existed before the Drupal installation, so I did not have to do anything to them.

I needed to allow customer access to the mydomain.com/customers/customer-xxx sub-directories, so I created and added the above mentioned .htaccess file to only the mydomain.com/customers/ sub-directory.

That's it. It all worked from then on.

Optional Change

If you also want to have access to an index.html file located in the root directory along side with the Drupal's index.php file, then modify the root directory's .htaccess file as follows:

Add the index.html file name to the DirectoryIndex line.

Before Modification of the .htaccess file

# Set the default handler.
DirectoryIndex index.php

After Modification of the .htaccess file

# Set the default handler.
DirectoryIndex index.php index.html

Sam

Sam Raheb (Sam308)

Login or register to post comments

Godaddy users who have Drupal 6.x in the root directory

jolava - April 16, 2009 - 04:59

I have a virtual domain using godaddy and when I put the .htaccess, I get 404 pages everywhere on my site. I just put the following lines in my .htaccess at the root of my drupal installation. Now, clean url is working perfectly and I do not have Unauthorized access 404 pages on my site.

Just add a .htaccess file at the root of your drupal installation that includes these lines:

# Various rewrite rules.

RewriteEngine on

# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# adapt and uncomment the following:
# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment and adapt the following:
# RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
# RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
RewriteBase /

# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

# $Id: .htaccess,v 1.98 2008/11/28 09:39:13 dries Exp $

--
Joe

Login or register to post comments

Nothing has worked

deggertsen - April 17, 2009 - 22:13

I have looked everywhere for a solution to this problem but nothing has worked. I have tried all the above suggestions and several more on other threads. Yet, I am still unable to access any of my sub directories. I have mediawiki installed in a sub directory but I am unable to access it. I am wondering if it is something to do with Drupal 6? Most of what I have seen is for 4 or 5. The major solution I see for Drupal 6 is to include ErrorDocument 401 "Unauthorized" in the .htaccess of all the sub directories you want to be able to access but that doesn't help at all either. However, I have an HTML website in another directory which will come up if I type index.html specifically but not if I just enter the directory like usual. But this is not the case with mediawiki as I can try to type http://example.com/wiki/index.php but it still doesn't work.

Is anybody else still not able to solve this problem or does anybody have any other likely solutions?

Thanks.

Login or register to post comments

RE: Nothing has worked

Sam308 - April 19, 2009 - 18:21

I cannot be sure that this is the problem, but it may be due to a conflict with using the index.php file name since Drupal uses the same index.php file name.

The following may work, but may not be the optimal solution.
You could try to create an index.html relocation page as shown in the example below that will point to the http://example.com/wiki/index.php page.

index.html HTML Relocation Page

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>HTML Relocation Page</title>
</head>
<body>
<META HTTP-EQUIV="REFRESH" CONTENT="0;URL=http://example.com/wiki/index.php">
</body>
</html>

You can also name this file to index.htm and then add the file name to the domain's root .htaccess file.

# Set the default handler.
DirectoryIndex index.php index.html index.htm

Sam

Sam Raheb (Sam308)

Login or register to post comments

Finally Found a Clear Solution!

bruplex - June 30, 2009 - 21:19

http://www.thesitewizard.com/apache/access-non-drupal-folders.shtml

Yay! This was a very clear article and it worked for me. A few notes:

* You need to have 2 .htaccess files. The one Drupal uses in the root (or your Drupal root) directory needs to have the 401 error code. The second .htaccess file goes into your chosen root folder and lists Directory terms, NOT the 401 error code.

* It works and saved me some serious Pagerank mojo :)

Login or register to post comments

subscribing

fehin - July 29, 2009 - 11:34

subscribing

Login or register to post comments
 
 

Drupal is a registered trademark of Dries Buytaert.