.htaccess index file strangeness

Recently had a situation where we have a website in progress and I wanted to password protect the site. Nothing major, just to keep casual visitors from poking around.

Thing is, I had a ad server installed in a subdirectory, and I wanted to use that ad server for other sites. I soon realized that my general .htaccess password requirement also extended to this sub directory and was causing the site ing the ads to prompt visitors for a password. Not great functionality.

So I went in search of some way to exclude the subdirectory from the .htaccess security. Unfortunately I couldn’t find a way to do this that seemed to work, but I did hit on a different solution.

Using the Files parameter I can limit my authentication to a single file, namely index.php

<Files index.php>
require valid-user

This allows subdirectories, or any other file to be accessed without being prompted for authentication, but there is one additional issue.

If the file name is included in the url


everything is fine. When the site is accessed by just the domain


and Apache attempts to load the default page (index.php) it doesn’t work. In fact the system s the following error

Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn’t understand how to supply the credentials required.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

If anyone out there can explain why this happens, I would be very interested to hear it.