I have a standard .htaccess for Yii 1.1, to which I added http based authorization.
When I added the password protection, the Rewrite Condition RewriteCond %{REQUEST_FILENAME} !-f
stopped working, and now static file requests are processed through index.php
But actually the password protection doesn't work either, I can just not enter any login data and click login, or click cancel, and the site will show up anyway.
What might be happening here?
I tried every option to address the passwd file, used the complete path, used ~ relative path, and current directory relative path as in the code here, but neither worked.
I created the .htpasswd file with an online tool, I believe it to be ok, but if it was malformed, shouldn't it just block access instead of granting it? How come I'm asked for a password, none is given and then it lets me go though?
.htaccess:
AuthType Basic
AuthName "Authorreach Staging"
AuthUserFile .htpasswd
Require valid-user
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# --- Lines relevant to this question end here (I think) ---
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks
Options +SymLinksIfOwnerMatch
RewriteEngine on
<Files ~ "\.(jpg|jpeg|png|gif|pdf)$">
order deny,allow
allow from all
FileETag MTime Size
</Files>
# otherwise forward it to index.php
RewriteRule . index.php