I want to lock down a website (made on Drupal) with basic auth. Drupal is using mod_rewrite in its .htaccess file. The problem I'm facing is this - my virtual host looks like this:
<VirtualHost subdomain.mydomain.com:443>
ServerName subdomain.mydomain.com
DocumentRoot /srv/http/stage/mywebsite/public_html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /srv/http/stage/mywebsite/public_html>
AuthType Basic
AuthName "Basic Authentication"
AuthUserFile "/srv/http/stage/mywebsite/.htpasswd"
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
require valid-user
</Directory>
</VirtualHost>
This setup works for locking a website, but when I log in, I cannot access any paths like: https://subdomain.mydomain.com/content/aliquam-facilisi , because they give me: "Forbidden" error. How should config looks like to lock a website, but make it fully functional after logging in?
Apache version: 2.4.7
Edit: Added missing directive.
I figured this out eventually. In apache2 error logs there was an information:
I figured that it needs to have something to do with "MultiViews" option, so I disabled this option in my virtual host. Then everything started to work.