Options -Indexes RewriteEngine On # Exclude the public and error directories from authentication RewriteRule ^(public|error)($|/) - [L] # Perform authentication via php RewriteCond %{REQUEST_FILENAME} !../getfile.php RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^(.*)$ ../getfile.php?id=%{REQUEST_FILENAME} [QSA,L] # pass everything auth php