apache基本身份验证中断.htaccess中的重写

Question

rewriting works fine until we add auth to htaccess. Is auth formatted correctly? Why would rewrite work before adding auth?

Request params at the site controller with no auth:

[id] => 433    [type] => city

Params after auth added and the user authenticated:

[site/query]

Sample query url that works without auth:

http://www.website.com/site/query?type=city&id=433

The .htaccess with basic auth at the bottom:

# any visits not coming from this official URL should be rerouted; AJAX cross-domain, www.website.com is not the same as our.company.com
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.website\.com$ [NC]
RewriteRule ^(.*)$ http://www.website.com/$1 [R=301,L]

# route all requests that are NOT static files, through index.php to make the /nice/urls/ work
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L]

# disable file listings for directories
Options -Indexes

# disable the fetching of .phtm
<Files ~ "\.phtml$">
  Order allow,deny
  Deny from all
</Files>

# Protect hidden files from being viewed
<Files .*>
    Order Deny,Allow
    Deny From All
</Files>

# Protect application and system files from being viewed
RewriteRule ^(?:modules|system)\b.* index.php/$0 [L]

# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

AuthType Basic
AuthName "Password required"
AuthUserFile /maps/scorp/main/.htpasswd
Require valid-user

Answer 1

I've got no answer to your nice questions but I hope I found a solution. :)

IMHO in your .htaccess the authorisation will take the advantage. It's a kinda tricky but you can break the priority by enclosing the "Require valid-user" directive into block <Files>. Eg:

<Files "*.phtml">
    Require valid-user
</Files>