Mod_rewite & mod_auth conflict


In order to prevent access to all of the files in my domain.tld document root directory I created a .htaccess file to redirect all requests other than a few exceptions to a directory that I want visitors to see. For now I want my main website to be located at http://www.domain.tld/site/, and not http://www.domain.tld/. Here is part of the .htaccess file located in my document root:

[code]Options +FollowSymLinks
RewriteEngine on

Check for DocumentRoot directory and contained files

RewriteCond %{REQUEST_URI} ^/.*$

Do not redirect the following directories:

RewriteCond %{REQUEST_URI} !^/testDir

Do not redirect the following root files:

RewriteCond %{REQUEST_URI} !^/robots.txt

Redirect all other requests to be in the site directory

RewriteRule ^.*$ http://www.domain.tld/site/ [R][/code]

This seems to work great. Everything not in an exception condition gets redirected to something inside /site/, and I can access pages within /tesDir/ too. When I add basic authentication to the .htaccess file located in testDir (& .htpasswd, etc.), I can no longer access that part of the site. It gets redirected to /site/ with out even providing me with a login dialog.

Sniffing the web traffic I can see that my browser is sending a GET request for /testDir to my host: www.domain.tld/. The next HTTP response from DH is (edited):

HTTP/1.1 302 Found ... WWW-Authenticate: Basic realm="Protected area test" Location: http://www.domain.tld/site/ ...
To me this this is saying that my redirection is somehow occurring rather than send out 401 Auth required to let my browser prompt me for credentials.

Can anyone please help? I’ve searched and search, and tested, but I cannot figure out how to make it work.

  • Brent