Configuring .htaccess to ignore specific subfolders
Ignoring Subfolders that exist in the DocumentRoot
With clean URL's enabled, when running other software applications in subfolders (subdirectories) of a Drupal root installation. your .htaccess file may rewrite those URL's to Drupal. This may be a particular problem for those with a Drupal installation in the root of their domain using Cpanel and Fantastico where Fantastico installs other software into subfolders. For example, phpSurveyor's admin interface as installed by Fantastico will not work with Drupal's default .htaccess settings. The URL for the admin interface is inaccessible and will return a "page not found" page in your Drupal site.
The trick is to modify .htaccess to ignore specific files/folders. So for example, if you have two folders, <folder1> and <folder2> in the root of your Drupal installation, modify your .htaccess file by inserting the following code directly after the "RewriteEngine on" directive, before the Drupal rewrites:
=========[ start of .htaccess snippet]==========
<IfModule mod_rewrite.c>
RewriteEngine on
#
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} "/folder1/" [OR]
RewriteCond %{REQUEST_URI} "/folder2/"
RewriteRule (.*) $1 [L]
#
====================[ end ]=====================For each folder you want to bypass, add a RewriteCond line, and end all but the final RewriteCond with [OR]. Note that the [L] in the rewrite rule tells it to stop there and bypass the rest of the rewrite rules.
Ignoring subfolders that are included via Apache Alias directives
As of 4.7, files and directories should be automatically allowed through in drupal's .htaccess setup. Thats what the !-f and !-d lines do.
However if you are working with Apache Alias or similar directives the file doesn't actually exist so drupal will take over like it should. The best way around it is to just add one more conditional that matches your location and make it skip it too. Thats what the ! means. Please see below:
RewriteCond %{REQUEST_URI} !^/yourDirectoryName
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]It essentially means Apply this rule if the REQUEST_URI doesn't start with /yourDirectoryName and the REQUEST_FILENAME isn't a real file or a real folder. Which is exactly what you want. There is an implied "AND" between the lines of that rule. The ! says "not like this".
Special thanks to Mike Smullin for help on this fix.
Problem when page requires authentication
You will notice that the default .htaccess will not work if your page requires authentication (ie: it contains another .htaccess that requests username and passowrd to the user).
In order to get it working you should prepare a file called
401.shtml
and put it into your root directory
/home/mysite/www/
See also this node, great help
http://drupal.org/node/52465#comment-106353
________________________________________________________
Massimoi :-] - http://impronta48.it - http://www.nkoni.org
Apache basic authentication in subdirectories
After a massive headache and trying all sorts of htaccess rewrites in different places - the solution is rather simple:
Add this line to the beginning of the .htaccess file in your subdirectory you are trying to protect:
ErrorDocument 401 "Unauthorized"
From here: http://drupal.org/node/64708
DirectoryIndex index.php index.html
I had (or at least I thought I had) the same problem trying to access my Webalizer subfolder, as I got nothing but 403 Forbidden responses ("You don't have permission to access /webalizer/ on this server.") after I had authenticated myself. The way my hosting company has configured their server, the
webalizerdirectory is owned byrootand I can't modify its.htaccessfile or other contents, only read it.After some failed attempts using the RewriteEngine to bypass Drupal, I realized that Drupal wasn't really at fault, but that I was in effect asking for a directory listing in spite of
Options -Indexesin the.htaccessfile (put there by Drupal, of course). Webalizer usesindex.htmlfor its main statistics page, and when I explicitely added that filename to my URL, the problem disappeared.Eventually, I added
index.htmlto theDirectoryIndexdirective, where Drupal only requiresindex.phpto work. I believe that won't impact security as much as enablingIndexingacross the website would.thanks
this helped me as I was trying to add some static non-drupal content to the domain I was working on.
In addition to the issues above I had a basic file permissions error so I had to chmod 755 all my files too (just in case this trips anyone else up).