I have a problem where authorisation behaves differently when a rewrite
rule is moved from the main configuration to an .htaccess file. Any
advice appreciated.
The site looks like this:
$ tree /var/www5
/var/www5
|-- dir1
|-- test1.html
|-- dir2
| |-- test2.html
|-- index.html
|-- passwords
I want the site to default to requiring a login, except that
dir1/test1.html should be readable by anybody. There's a complication,
which is that a rewrite rule sets the home page to dir1/test1.html,
rather than index.html. So the expected HTTP status codes are:
http://localhost/ 200 (because of the rewrite)
http://localhost/index.html 401
http://localhost/dir1/test1.html 200
http://localhost/dir2/test2.html 401
This configuration works exactly as expected:
<VirtualHost *:80>
DocumentRoot /var/www5
<Location />
AuthType Basic
AuthName Test
AuthBasicProvider file
AuthUserFile "/var/www5/passwords"
Require valid-user
</Location>
<Directory /var/www5/dir1>
<If true>
Require all granted
</If>
</Directory>
RewriteEngine On
RewriteRule ^(/)?$ /dir1/test1.html [L]
</VirtualHost>
Ok, here's the problem: I actually need to move the rewrite out to an
.htaccess file, so I've moved the RewriteEngine and RewriteRule lines
out to /var/www5/.htaccess. The new configuration file looks like:
<VirtualHost *:80>
DocumentRoot /var/www5
<Location />
AuthType Basic
AuthName Test
AuthBasicProvider file
AuthUserFile "/var/www5/passwords"
Require valid-user
</Location>
<Directory /var/www5>
AllowOverride All
</Directory>
<Directory /var/www5/dir1>
<If true>
Require all granted
</If>
</Directory>
</VirtualHost>
This *doesn't* work. What I get now is:
http://localhost/ 401
http://localhost/index.html 401
http://localhost/dir1/test1.html 200
http://localhost/dir2/test2.html 401
I now have to log in to visit http://localhost/. The rewrite does work;
if I log in, I get the dir1/test1.html page.
Thanks.