I'm hoping someone can help my properly modify my .htaccess files to "disable" drupal from working in subdirectories of my choosing.

I have searched.

I have found several threads with instructions on what to do.

So far - they have not worked.

I have posted twice under different topics over several days and not gotten any responses:


If you have any ideas on what to try or do, please respond with any help you can lend.



jt6919’s picture

the thread that supposedly explains how to do this is here:

this doesn't work:
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} "/survey/"
RewriteRule (.*) $1 [L]

That didn't work. This did work, however it gives the entire drupal site a 500 error:
# stuff to let through (ignore)
RewriteCond %{REQUEST_URI} !survey/
RewriteRule (.*) $1 [L]

I added this to the .htaccess of the subdirectory and that didn't work either:
Options +Indexes

tried this in the subdir index - doesn't work either:
DirectoryIndex index.html

jt6919’s picture

tried this one.....
[Location /survey]
Options +Indexes

it doesn't work either (500 error for whole site)

jt6919’s picture

tried this too:
RewriteCond %{REQUEST_FILENAME} !^surveyn.*
# Rewrite only if the file is not found.

also didn't work...

lanesharon’s picture

Maybe I am way off base here, but there are two places that I know of that effect the directory settings:
sites > default > settings.php

And .htaccess lines:
# Modify the RewriteBase if you are using Drupal in a subdirectory and
# the rewrite rules are not working properly.
#RewriteBase /drupal

Take Care, Sharon

jt6919’s picture

I'm thinking settings.php shouldn't matter since all I want to do is "stop" my root drupal install from re-writing my subdirectories with "non-druapl" content.

jt6919’s picture

tried this too:
AllowOverride All

in the root .htaccess, but no luck there either...

Taran’s picture

What I don't understand about your question is whether you want subdirectories below your Drupal install to be ignored by Drupal... which is something I've never considered doing... this might seem strange, but what - exactly - are you trying to do?


jt6919’s picture

yes, that's exactly what I want to do....

I have www.site.com and the whole site is currently a Drupal site.

I want to setup other stuff under subdirs in the same web site / domain...

like maybe a forum under www.site.com/dir1
...or a siteframe install under www.site.com/dir2
...or a wordpress install under www.site.com/dir3
...or a test drupal 4.7 install under www.site.com/dir4
...or maybe even some static html under www.site.com/dir5

I don't want the whole site to be "all" drupal anymore, I want to be able to control what subdirectories drupal should leave alone.
This seems to be a very common need with dozens and dozens of forum postings, but none of the suggestions have worked for me yet.

jt6919’s picture

I found this one:
Have you tried this: RewriteBase / ? (in its own line after RewriteEngine on - without the "?")


but no luck with that one either...

jclifton’s picture

OK, I *think* I understand what's going on that's preventing you from being able to do this ... at least if the .htaccess for Drupal 4.6 is the same as Drupal 4.7. The RewriteRule checks to see if the URI requested is either a valid file or a valid dir, and if it's neither, it invokes the Drupal index.php file. So, if you stick a web app that relies on mod_rewrite calls in a subdirectory (say, Drupal w/ clean urls enabled, or WordPress with its URL rewriting enabled) then the URI that is requested doesn't exist ... and the rewrite rule then invokes Drupal.

I tried to simulate the situations on a Drupal site of mine, and doing the following to .htaccess seems to fix the problem for me.

Look toward the bottom of the .htaccess file for this:

   # Rewrite current-style URLs of the form 'index.php?q=x'.
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

Change that to this:

   # Rewrite current-style URLs of the form 'index.php?q=x'.
   RewriteCond %{REQUEST_URI} !-U [OR]
   RewriteCond %{REQUEST_FILENAME} !-f
   RewriteCond %{REQUEST_FILENAME} !-d
   RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

If that doesn't work at all (or on something specific) ... we'll try again. Unfortunately, it's difficult to do complex logic w/ mod_rewrite ... so this might be a tough one.

jt6919’s picture

I tried what you said...the only difference between what the file was, and your new example was the addition of this line:
RewriteCond %{REQUEST_URI} !-U [OR]

which i added. It unfortunately didn't work.

In the specific issue I'm testing, drupal is in my entire site, I have (an old) folder with Siteframe installed which has it's own index.php. So if I go to www.site.com/dir/index.php where siteframe is, drupal takes over (even though the page exists) and gives the "requested page not found" error in the drupal template.

It does the same for any other subfolder with any file or index of any type.

jclifton’s picture

That's odd ... the way the .htaccess file in 4.7 reads, that shouldn't happen ... even without the addition I suggested.

Can you post the contents of your entire .htaccess file?

Also, what happens if you turn off clean URLs in Drupal, and rename the .htaccess file to .htaccess.old?

jt6919’s picture

this is my .htaccess file from my root drupal intallation....the oddball lines are things I've tried and commented back out.
I cannot turn off clean urls in drupal, I have a live site with top 10 rankings in google. I can't risk the clean url's not being found - even for a short time, even though I'm certain that would work.....it would just hose up my ability to use mod_rewrite and clean url's.

# Apache/PHP/Drupal settings:
# Protect files and directories from prying eyes.
<Files ~ "(\.(inc|module|pl|sh|sql|theme|engine|xtmpl|aspx|jsp|look|cgi)|Entries|Repositories|Root|scripts|updates)$">
  Order deny,allow
  Deny from all

# Set some options.
Options -Indexes
Options +FollowSymLinks

# Customized error messages.
ErrorDocument 404 /index.php

# Set the default handler.
DirectoryIndex index.php

# Override PHP settings. More exist in sites/default/settings.php, but
# the following cannot be changed at runtime. The first IfModule is
# for Apache 1.3, the second for Apache 2.

<IfModule mod_php4.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0

<IfModule sapi_apache2.c>
  php_value magic_quotes_gpc                0
  php_value register_globals                0
  php_value session.auto_start              0

# Reduce the time dynamically generated pages are cache-able.
<IfModule mod_expires.c>
  ExpiresByType text/html A1

# Various rewrite rules.
<IfModule mod_rewrite.c>
  RewriteEngine on

  # Modify the RewriteBase if you are using Drupal in a subdirectory and
  # the rewrite rules are not working properly.
  #RewriteBase /drupal
  #  RewriteBase /

  # Rewrite old-style URLs of the form 'node.php?id=x'.
  #RewriteCond %{REQUEST_FILENAME} !-f
  #RewriteCond %{REQUEST_FILENAME} !-d
  #RewriteCond %{QUERY_STRING} ^id=([^&]+)$
  #RewriteRule node.php index.php?q=node/view/%1 [L]

  # Rewrite old-style URLs of the form 'module.php?mod=x'.
  #RewriteCond %{REQUEST_FILENAME} !-f
  #RewriteCond %{REQUEST_FILENAME} !-d
  #RewriteCond %{QUERY_STRING} ^mod=([^&]+)$
  #RewriteRule module.php index.php?q=%1 [L]

#Code to allow subdirs to run stuff other than Drupal
# RewriteCond %{REQUEST_URI} "/band/"
# RewriteRule (.*) $1 [L]
# Exclude the phpmyAdmin directory.
#  RewriteCond %{REQUEST_FILENAME} !^band.*

  # Rewrite current-style URLs of the form 'index.php?q=x'.

#RewriteCond %{REQUEST_URI} !-U [OR]

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

# $Id: .htaccess,v 1.66 2005/03/20 19:15:00 dries Exp $

<Files 403.shtml>
order allow,deny
allow from all

deny from

jclifton’s picture

I can't see any significant differences from between that .htaccess file and mine.

Understood about the clean URLs ... I wouldn't turn them off in your instance either. Traffic from Google is way to important to risk good rankings like those. :-)

jt6919’s picture

I think I may have made a major breakthrough.......

to recap.....

Drupal is installed in the root of my site....www.site.com

I have an old siteframe install in www.site.com/dir that has an index.php - and when you go to www.site.com/dir it gives the drupal error "page not found" in my drupal site template - even though www.site.com/dir/index.php exists. I also have an .htaccess file in www.site.com/dir, and the contents of it are as follows:

AuthType Basic
AuthName "user"
AuthUserFile "/home/site/.htpasswds/dir/passwd"

require valid-user
#Options All -Indexes

DirectoryIndex index.php

It struck me that this directory has basic authentication - and maybe that's the issue, or at least part of it.

I haven't changed anything further in the root drupal .htaccess file at all - and I created a new test directory www.site.com/test.
I created a new .htaccess file in www.site.com/test like this:

DirectoryIndex index.php index.html

Then I created www.site.com/test/index.html - and it works!!

Then, I deleted www.site.com/test/index.html, and created a new www.site.com/test/index.php - and it works!!!!

So, my conclusion is that there is a conflict between my root drupal install (.htaccess) and my www.site.com/dir siteframe (.htaccess) basic authentication.

Now, I can try to intstall other things in subdirs of my drupal root site - but I can't use any authentication for them.....any help is appreciated...


jclifton’s picture

I wouldn't think that authentication would cause the problem ... it seems to be a mod_rewrite issue on the surface ... but perhaps there is more to it.

Have you tried adding authetication to the test dir?

I'm going to try the same thing on where I'm testing and see what happens as well.


9802008’s picture

If I remove the authentication settings from the .htaccess file in www.site.com/not_part_of_drupal , browsing to 'not_part_of_drupal' will work. However as soon as the authentication settings are left in the .htaccess file, Drupal displays a 'Page Not Found'.

As I see it this line:
RewriteCond %{REQUEST_FILENAME} !-d

in .htaccess is supposed to prevent the mod_rewrite occuring on any directories. But for some reason it does not work when the directory has a password.

Any Ideas?


alchemista’s picture

I'm having the same exact problem, any progress?

Were you using Apache 1.3? I've been testing this with someone and their Apache 2.0 works whereas my Apache 1.3 doesn't. mod_rewrite behavior changed a bit with 2.0, so I'm wondering if there's some workaround we need for 1.3.

The solution seems to be to figure out a RewriteCond that will fail for URLs that you want to use http auth for. However, I've been unsuccessful getting one to work!

coltrane’s picture

I experienced the same problem with trying to use Apache basic authentication in a subdirectory of a root Drupal install. After some further searching a comment at http://drupal.org/node/30334#comment-125799 contained a solution that worked for me:

So I added this line to the .htaccess file in the subdirectory (not in Drupal's root directory):

ErrorDocument 401 "Unauthorized"

savagesinister’s picture

That fixed it. I was having the exact same problem listed above, and had tried most of the same things with no luck, and adding -- ErrorDocument 401 "Unauthorized" -- to the .htaccess file of the subdirectory I wanted Drupal to ignore worked like a charm. Thanks, Coltrane!!

Sam308’s picture

I have Drupal 6.10 and searched all the forums, but could not find a simple solution that worked. Finally, I found this post, tried it, and it worked.

Thanks all.

For users who have Drupal 6.x installed in the root directory of the domain, do the following:

The ONLY thing you need to do to gain http access to a sub-directory in your domain if Drupal 6.x is installed in the domain’s root is to create and add an .htaccess file containing the following single line of code to the sub-directory.

.htaccess file

ErrorDocument 401 "Unauthorized"

My particular situation:

Drupal 6.10 installed in the root of mydomain.com.
Clean URLs enabled and using the third party pathauto module.

Needed to allow customer access to:

mydomain.com/customers/customer-xxx (ect...)

where each of the individual mydomain.com/customers/customer-xxx sub-directories are username / password protected.

Note, these mydomain.com/customers/customer-xxx password protected sub-directories already existed before the Drupal installation, so I did not have to do anything to them.

I needed to allow customer access to the mydomain.com/customers/customer-xxx sub-directories, so I created and added the above mentioned .htaccess file to only the mydomain.com/customers/ sub-directory.

That's it. It all worked from then on.

Optional Change

If you also want to have access to an index.html file located in the root directory along side with the Drupal's index.php file, then modify the root directory's .htaccess file as follows:

Add the index.html file name to the DirectoryIndex line.

Before Modification of the .htaccess file

# Set the default handler.
DirectoryIndex index.php

After Modification of the .htaccess file

# Set the default handler.
DirectoryIndex index.php index.html


darkpollo’s picture

I have tested with all the content of this post and still nothing...

I have tried renaming the sites folder and deleting the htaccess, simulating no drupal in the root folder, but then i get an error 500 internal server and i cannot access.

I need to install an SMF forum after an installation of a Drupal 6.*

Need help.


klezmer41’s picture

Any luck with this yet? I'm having the same issue...

elcapitan82’s picture

After trying all the .htaccess modifications with no result, I gained access to the files in a subfolder by recreating the folder via cPanels file manager, instead of in the FTP client. It turns out my .htaccess settings were fine from the start.

More here:

CasaDelGato’s picture

I have a subdirectory "work" off the root of my site. This is a multi-site Drupal 6 setup. (Dreamhost host)
I need to allow people to access files in this directory via direct URL's.
So far, I've tried lots of the suggestions, and none of them worked.
I don't have an index.html (or other) there.
I just want to get direct access to the files.
The fun part is that this USED to work, but some upgrade in the past year or so seems to have broken it.