I'm running a Wiki written in PHP on a Apache/CGI system. Accessing the file 'index.php' directly (or any other PHP file, for that matter) bypasses basic authentication and no username/password is requested, even though 'index.php' is in the protected directory. HTML and other files do require user authentication, so I know that .htaccess/.htpasswd generally works. The CGI (vs. Module) implementation means that I don't have "hooks" into the Apache .htaccess authentication globals. Is there a way to force .htaccess style basic authentication before a PHP file in a protected directory is executed? I'd prefer not to modify my PHP application if I don't have to. Many, many thanks in advance for your much valued assistance!