I'm having a problem with removing "www." from URLs when a directory is protected with Basic Authentication. The following lines for .htaccess (or slight variations) are found everywhere on the web.

"RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]"
"RewriteRule ^(.*) h ttp://%1/$1 [R=301,L]" <- I had to insert a space into "http" for the post

They work great except when a folder is protected. All of these work fine:

xyz.com --> xyz.com
www.xyz.com --> xyz.com
xyz.com/a/ --> xyz.com/a/
www.xyz.com/a/ --> xyz.com/a/

If Basic Authentication set on for folder "b", this works fine: credentials are requested and accepted.

xyz.com/b/ --> xyz.com/b/

For the following, with FF5, Chrome13, Safari5, I get a credential request with www.xyz.com as the domain and then a second one with xyz.com as the domain then I see the page. With IE9, all I get is an error page every time.

www.xyz.com/b/ --> error with IE9!

Is there something I can do differently in .htaccess? Ideally I'd like to get only one request for credentials. [Note: I don't need to hear "Don't use IE9"]

Second problem: If I have a custom error page "ErrorDocument 401 /error.php" set, then the error page always get called with a $_SERVER["REDIRECT_STATUS"] of 200 when www.xyz.com/b/ is requested. This happens on IE9, FF5, Chrome13, and Safari5. It doesn't happen with requests for xyz.com/b/.

Thanks for any suggestions,
Don