On Tue, 2 Dec 2003, Dunstan Orchard wrote: > Hi there, Hiya :) > I'm using htaccess amd mod_rewrite to give myself nice urls, eg: > > RewriteRule ^stocks((/)?)$ stocks.php [L] > > But I'm confused as to what to do when it comes to password protecting > pages on my site. > > Say I need to protect: > > http;//www.foo.com/stocks/ > > How do I do that using htpasswd given that the directory doesn't > actually exist - where do I put my password rules and password file? > > [....] > > Can anyone suggest anything? I'm unable to find any hint of this through > Google. > > Thanks very much (could you cc me on any replies please, I'm on digest). Use the Apache <Location> directive to specify where your authorization directives should apply, and specify a valid path for your password file: <Location /stocks> AuthUserFile /home/sites/site34/web/stocks.htpasswd AuthName "Top secret stocks page" AuthType Basic <Limit GET> order deny,allow require valid-user </Limit> </Location> The <Location> directive acts in URI-space, as opposed to the <Directory> directive, which is similar, but affects file-space (and thus could affect multiple URIs or hosts mapped into the same directory structure). -- Ernest MacDougal Campbell III, MCP+I, MCSE <dougal at gunters.org> http://dougal.gunters.org/ http://spam.gunters.org/ Web Design & Development: http://www.mentalcollective.com/ This message is guaranteed to be 100% eror frea!