Htaccess password protect for admin url


I’m using dreamhost and they have a handy tool for building htaccess files for password protecting folders.

I’ve used it to add basic auth to the main cakephp htaccess file and it worked perfectly but when i use it to create an htaccess file and password file in my Admin folder it doesn’t seem to work.

It generates an htaccess file with something like this:

AuthType Basic
AuthUserFile /home/exampleuser/
AuthName "Members Area"
require valid-user

I’m wondering if the way cakephp uses htaccess files is preventing certain things from working.

I tried adding a few headers for extra security to the main htaccess file recently and none of them were sent. One example of that would be the x-frame options header.

Anyone out there tried doing either of these things?


As usual I’ll try to answer my own question.

I’ve found that i can add headers within cake by using $this->response->headers()

However this raises important questions:

Why cant i do it with .htaccess?

And what else won’t work in .htaccess?

I’ve already had Dreamhost demonstrate that it is possible to add headers using .htaccess on their shared hosting, so it must be something to do with cake.

I was planning to use 6G Firewall for the site i am working on but, since it is basically .htaccess code, it now seems I’ll have to carry out considerable testing to make sure it is actually working.

Information is what i need really. Firstly, why can’t i add headers using .htaccess? It’s not that I have a burning need to add my headers that way. The problem is the uncertainty; not knowing why it doesn’t work, which leaves me wondering what else might not work.

If anyone associated with Cake development is reading this could you please help me out here?