I have a Drupal site that is set up with friendly urls. The customer would like to add an extra layer of protection and secure any page that has /admin in it with basic authentication through Apache (.htaccess/.htpasswd).
So what I've done so far is set up a /admin folder and placed a .htaccess file in there with the contents:
AuthName "Admin Login"
RewriteRule ^(.*)$ /index.php?q=/admin/$1 [L,QSA]
This works just fine. You go anywhere in /admin/* and it prompts for a login through Apache.
However, if you modify the url to Drupal's typical page call model:
You don't get prompted for the login, which is obvious because you're never taken into the /admin folder. Any thoughts on how I could secure the direct call to index.php as well?