If you’re trying to password protect a subdirectory of your Drupal website using the traditional .htaccess and .htpassword method, you might be having trouble accessing the contents of the subdirectory. When trying to navigate to a page under the subfolder, Drupal simply displays it as not found.
There is a very easy fix for this. Simply add this line at the top of your .htaccess file:
ErrorDocument 401 “Unauthorized”
This must be done for every single subdirectory containing the .htaccess and .htpasswd files.
Your final .htaccess file would look something like this:
ErrorDocument 401 "Unauthorized" AuthUserFile /locationofyoursubdirectory/.htpasswd AuthGroupFile /dev/null AuthName "Secure Document" AuthType Basic require user user1 require user user2 require user user3 require user user4 require user user5
After inserting that small line at the top of your .htaccess file, your subdirectories should be password protected but accessible, like intended.