The Apache module mod_rewrite provides a rule-based rewriting engine that is used by most MVC frameworks (i.e. CakePHP and Zend Framework) and content management solutions (i.e. Drupal and WordPress.)
The benefits of using a rewrite engine include:
- Making website URLs more memorable to users
- Making website URLs more relevant to search engines
- Masking the inner workings of the site by hiding file extensions
I ran into an issue the other day where I needed to run a legacy application that was being protected by basic .htaccess authentication. The legacy application was located in a subdirectory.
Typically, you would just add the following line of code to your .htaccess file to instruct the rewrite engine to ignore the directory:
Unfortunately, this won't work as expected. For basic authentication, the server writes a "401 Unauthorized" header and then looks for an error document based on a pre-defined path. Most of the time, the error document won't exist in the directory that you want to protect, so the request gets handled by the rewrite engine which throws a 404 error.
The solution to this problem is pretty straightforward. You need to add a single line of code to your .htaccess file instructing Apache to ignore the error document. When you're done, the code should look something like this:
ErrorDocument 401 "Unauthorized Access" RewriteEngine off AuthType Basic AuthName "Administration" require valid-user AuthUserFile "/home/user/.htpasswds/public_html/admin/passwd"
Hopefully this will save somebody a bit of aggravation.