htaccess protected folder

[floko]

Hi everyone,
I just set up a very simple htaccess password protection for a folder on our website (which is run by PW of course). To be specific, I placed a .htaccess file within that folder, referencing a .htpasswd file in the same folder. 
However, somehow the PW mechanics redirect to the standard PW 404 page of our website whenever I try to open any file within that folder (instead of prompting the htaccess login and password fields). 

Thanks in advance for any hints!
 

[BrendonKoz]

Are you hosting the htpasswd protected folder within the site/ folder, or beside it? 

PWSITE:

• - /site/
• - /wire/
• - /index.php
• - /.htaccess (PW root htaccess)

I have placed folders at root (the same level as site and wire), and haven't had any issues with similar situations, so long as the file name(s) are correctly typed and matching the case sensitivity. Any PW-specific subfolders would also be subject to whatever htaccess rules those subfolders possess, so it's easier to just have separate-need folders at root level.

[floko]

Thanks for your help!
The protected folder and the htaccess file are beside the "site" folder.

PWSITE:

• - /site/
• - /wire/
• - /index.php
• - /.htaccess (of PW installation)
• - /protected-subfolder/
• - /protected-subfolder/.htaccess
• - /protected-subfolder/.htpasswd

[BrendonKoz]

I just gave things a shot on my end with a similar structure, on my DDEV development machine, and was able to (eventually) successfully access the contents of the folder once I got past the htpasswd basic authentication.

The error I experienced was that I was receiving a 500 server error, in this folder, at first. Since I knew things were working before implementing the htpasswd/htaccess combination in this particular folder, I checked the logs. DDEV is not clear on which server the logs are from, but I believe in this case it was Apache (I am not using NGINX). The error message was:

Quote

[Thu Jun 18 17:01:10.328232 2026] [authn_file:error] [pid 1627:tid 1662] (2)No such file or directory: [client 172.18.0.5:44474] AH01620: Could not open password file: /.htpasswd

My htaccess AuthUserFile directive used a relative path; it seems this particular instance of Apache didn't like that, so I opted for a full path. That worked, and I was once again able to access the content of that folder (after getting beyond the basic auth).

Now, all that being said, you say you're getting the ProcessWire-generated 404 page. Thankfully, the 404 page is itself an error document, so there should be some sort of logs, somewhere, that would report why you're getting that output. Have you checked any of the logs to see, by chance? Have you tried creating another directory (temporarily) with a test file in it just to see if you can get that to load - one that is not protected by a basic password?

Have you edited, and/or reviewed, the default ProcessWire installation's .htaccess file to see if there might be a conflict - possibly due to file extension?

[floko]

Thanks a lot for your help, very much appreciated!

As you suggested, I created another blank folder  "htaccesstest" and uploaded a blank index.html into that folder. Called that folder via URL in a browser and received a blank page, as expected. As soon as I set up a .htaccess and a .htpasswd file, I was again redirected to Process Wire's 404 page.
However, no corresponding line was added to errors.txt or exceptions.txt in site/assets/logs/

To see what happens and maybe provoke an error notification, I removed the .htpasswd file, while the .htaccess was still referencing it.
(I am using only absolute paths.)
Again, a 404 has been shown, without additional error messages in any log file.

Regarding the ProcessWire installation's .htaccess file: Since I tested both with standard index.php and index.html files, I don't believe file extensions could cause this issue.

Maybe I will have to look for an alternative approach...
Thanks again!