Thread

Hello.  I’m running EE 1.6.7 and I’ve put a .zip file in my public root.  I want to protect this .zip.  I don’t have a member login feature on my site and I don’t have time just now to make a pretty login page as its suggested by Brandon Ballantine.

In the .htaccess scenario, my friend/colleague would click a link to that file in their email (ie. http://mysite.com/myfile.zip).  The download/blank page would require a user/pass from browser-native request box. No styling, no html.  I realize its not a pretty way to do this, but I just need one file protected.

So I used the .htpasswd generator at
Dynamic Drive.

Its straight-forward.  I also put my .htpasswd file in the public root.  I think my rewrite rule for index.php is messing things up.  Linking to my secure file results in my 404 page.

My .htaccess file looks like this:

# BEGIN Expression Engine Rewrite
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !\.(gif|jpe?g|png)$ [NC]
RewriteRule ^(.*)$ /index.php?$1 [L]
</IfModule>



# Secure portfolio download <a href="http://tools.dynamicdrive.com/password/">http://tools.dynamicdrive.com/password/</a>
AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/amystodd/.htpasswd 
AuthGroupFile /dev/null 
<Files myfile.zip>
require valid-user
</Files>

Can someone please help me by giving me the code that will omit “myfile.zip” from being included in the rewrite rule?  Thanks for reading.

Moved to CodeShare Corner by Moderator

Amy, everything looks ok except the AuthUserFile path is probably incorrect.  It is wanting the absolute server path from the root.  A quick and easy way to find this would be to ssh to your server, navigate to the directory of the .htpasswd, and then type pwd.

Michael is correct. I missed the paths. Please disregard the mod_rewrite I tweeted you…

Hi Michael and Aaron.  I’m not sure how to SSH to my server.  I’ve never done that before.  I have a .htpasswd file uploaded.  It was spit back to me using the tool here.

Do I still need to SSH even though I have the .htpasswd file in the public root (same directory as my .htaccess file)?

Within your web root directory, create a php file with the following contents:

<?php

echo $_SERVER['DOCUMENT_ROOT'];

?>

Hit it with a browser and it should display the absolute path to the web root directory.  Make sure to delete the file promptly.  Hope this helps.

Hi Michael.  Thank you for the help. I gave that a go, updated my path in .htaccess and .htpasswd files.  Not sure if path safe to publish here. I guess its published above, eh?

http://amystoddard.com/myfile.zip still results in a 404 page.

I’m sorry if this is hard-headed…did I miss something?

Hmm, the htaccess shouldn’t be causing the 404.  When you remove the auth section protecting the file, does it still throw a 404?

Hi, aimelise, this is really more of a HowTo or How Do I kind of post. Moving to CodeShare Corner for additional community support.

Thanks to Michael and Aaron for helping out.