I've got a fundamental .htaccess file which i have during my public_html directory. It's accustomed to rewrite all Web addresses from mydomain.com to www.mydomain.com.

For whatever reason, even if I add my password protected directory to my listing of sites not to rewrite towards the top of the file, it throws me to www.mydomain.com/401.shtml after i neglect to key in "www." within the URL.

public_html .htaccess file:

RewriteEngine On

#directories to not rewrite
RewriteRule ^(directory1|directory2) - [L]

#force http://www. to make sure SESSION data is always the same
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R,L]

#force https://www. to make sure SESSION data is always the same
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.mydomain.com/$1 [R,L]

password protected directory .htaccess file:

AuthType Basic
AuthName "AuthNameHere"
require valid-user
AuthUserFile "/path/to/password/file"