htaccess rewrite and auth conflict

Question

I have 2 directories each with a .htaccess file:

html/.htaccess - There is a rewrite in this file to send almost everything to url.php

RewriteCond %{REQUEST_URI} !(exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico))$
RewriteRule (.*)$ /url.php [L]

and html/exported/.htaccess

AuthType Basic
AuthName "exported"
AuthUserFile "/home/siteuser/.htpasswd"
require valid-user

If I remove html/exported/.htaccess the rewriting works fine and the exported directory can be access. If I remove html/.htaccess the authentication works fine.

However when I have both .htaccess files exported/ is being rewritten to /url.php. Any ideas how I can prevent it?

Answer 1

As far as I understand, the '404' error occurs because Apache cannot find the '401 Authentication Needed' page. So I simply solved it by creating html/401.html, and adding

ErrorDocument 401 /401.html

to my html/.htaccess

Hint was taken from http://drupal.org/node/52465#comment-106353

Answer 2

I think you may have meant this for your regex:

RewriteCond %{REQUEST_URI} !(^exported/?|\.(php|gif|jpe?g|png|css|js|pdf|doc|xml|ico)$)
RewriteRule (.*)$ /url.php [L]

Does html/exported/exported/ work in your current setup by any chance?