.htaccess Verzeichnisschutz und typo3 .htaccess

Servus,
habe folgendes Problem:
Derzeit nutze ich im root-Verzechnis meines Webspaces eine .htaccess datei, die jeden Besucher auf/in ein bestimmtes Verzeichnis weiterleitet. Soweit so gut.
Da ich nun Typo3 als CMS einsetzen möchte und -bis die Seite fertig ist- das typo-Verzeichnis mit einem Passwortschutz via .htaccess schützen möchte, habe ich folgende Dateien angelegt bzw. modifiziert.

root-Verzeichnis
cms/ – CMS-Verzeichnis
App/
.htaccess ( hier ist die Weiterleitung auf das bestehendes App Verzeichnis drin)

cms:
.htaccess <- Am Anfang der Datei stehen die Angaben zum Verzeichnisschutz
.htpaswwd
restliche Typo-Dateien

.htaccess-datei im cms-Verzeichnis bearbeitet
Verzeichnisschutzangaben eingefügt <- funktioniert
Nach der erfolgreichen Anmeldung bekomme ich aber einen Konfigurationsfehler ( Statuscode 500).

Hat jemand Erfahrung mit Typo3 und bplaced ? ( Ja ich weiß ,für so ein Enterprise-System ist bplaced nicht die 100%tige richtige Wahl :smiley: . Ist nur ein kleines Projekt)

Danke für die Hilfe!

Typo3-Version: 7.6.10

******Da keine Text-Datei erlaubt ist hier ein Auszug aus der .htaccess *******

AuthType Basic
AuthName "CMS"
AuthUserFile username/www/cms/.htpasswd
require user user

------------------------------------------------------------------------------

| CORS-enabled images |

------------------------------------------------------------------------------

SetEnvIf Origin ":" IS_CORS Header set Access-Control-Allow-Origin "*" env=IS_CORS

------------------------------------------------------------------------------

| Web fonts access |

------------------------------------------------------------------------------

Header set Access-Control-Allow-Origin "*"

------------------------------------------------------------------------------

| 404 error prevention for non-existing redirected folders |

------------------------------------------------------------------------------

#Options -MultiViews

------------------------------------------------------------------------------

| Force IE to render pages in the highest available mode in the various |

------------------------------------------------------------------------------

Header set X-UA-Compatible "IE=edge" Header unset X-UA-Compatible

------------------------------------------------------------------------------

| Proper MIME types for all files |

------------------------------------------------------------------------------

# Data interchange
AddType application/atom+xml                        atom
AddType application/json                            json map topojson
AddType application/ld+json                         jsonld
AddType application/rss+xml                         rss
AddType application/vnd.geo+json                    geojson
AddType application/xml                             rdf xml

# JavaScript
AddType application/javascript                      js

# Manifest files
AddType application/manifest+json                   webmanifest
AddType application/x-web-app-manifest+json         webapp
AddType text/cache-manifest                         appcache

# Media files

AddType audio/mp4                                   f4a f4b m4a
AddType audio/ogg                                   oga ogg opus
AddType image/bmp                                   bmp
AddType image/svg+xml                               svg svgz
AddType image/webp                                  webp
AddType video/mp4                                   f4v f4p m4v mp4
AddType video/ogg                                   ogv
AddType video/webm                                  webm
AddType video/x-flv                                 flv
AddType image/x-icon                                cur ico

# Web fonts
AddType application/font-woff                       woff
AddType application/font-woff2                      woff2
AddType application/vnd.ms-fontobject               eot
AddType application/x-font-ttf                      ttc ttf
AddType font/opentype                               otf

# Other
AddType application/octet-stream                    safariextz
AddType application/x-bb-appworld                   bbaw
AddType application/x-chrome-extension              crx
AddType application/x-opera-extension               oex
AddType application/x-xpinstall                     xpi
AddType text/vcard                                  vcard vcf
AddType text/vnd.rim.location.xloc                  xloc
AddType text/vtt                                    vtt
AddType text/x-component                            htc

------------------------------------------------------------------------------

| UTF-8 encoding |

------------------------------------------------------------------------------

AddDefaultCharset utf-8

AddCharset utf-8 .atom .css .js .json .manifest .rdf .rss .vtt .webapp .webmanifest .xml

------------------------------------------------------------------------------

| Rewrite engine |

------------------------------------------------------------------------------

# Enable URL rewriting
RewriteEngine On

# Store the current location in an environment variable CWD to use
# mod_rewrite in .htaccess files without knowing the RewriteBase
RewriteCond $0#%{REQUEST_URI} ([^#]*)#(.*)\1$
RewriteRule ^.*$ - [E=CWD:%2]

# Rules to set ApplicationContext based on hostname
#RewriteCond %{HTTP_HOST} ^dev\.example\.com$
#RewriteRule .? - [E=TYPO3_CONTEXT:Development]
#RewriteCond %{HTTP_HOST} ^staging\.example\.com$
#RewriteRule .? - [E=TYPO3_CONTEXT:Production/Staging]
#RewriteCond %{HTTP_HOST} ^www\.example\.com$
#RewriteRule .? - [E=TYPO3_CONTEXT:Production]

# Rule for versioned static files, configured through:
# - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
# - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
# IMPORTANT: This rule has to be the very first RewriteCond in order to work!
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ $1.$3 [L]

# Access block for folders
RewriteRule _(?:recycler|temp)_/ - [F]
RewriteRule fileadmin/templates/.*\.(?:txt|ts)$ - [F]
RewriteRule typo3temp/logs/ - [F]
RewriteRule ^(vendor|typo3_src) - [F]
RewriteRule (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?)/ - [F]

# Access block for files or folders starting with a dot
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule (?:^|/)\. - [F]

# Stop rewrite processing, if we are in the typo3/ directory or any other known directory
# NOTE: Add your additional local storages here
RewriteRule (?:typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) - [L]

# If the file/symlink/directory does not exist => Redirect to index.php.
# For httpd.conf, you need to prefix each '%{REQUEST_FILENAME}' with '%{DOCUMENT_ROOT}'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^.*$ %{ENV:CWD}index.php [QSA,L]

------------------------------------------------------------------------------

| Block access to directories without a default document. |

------------------------------------------------------------------------------

Options -Indexes

------------------------------------------------------------------------------

| Block access to hidden files and directories. |

------------------------------------------------------------------------------

RewriteCond %{SCRIPT_FILENAME} -d [OR] RewriteCond %{SCRIPT_FILENAME} -f RewriteRule "(^|/)\." - [F]

------------------------------------------------------------------------------

| Block access to backup and source files. |

------------------------------------------------------------------------------

<FilesMatch “(?i:^.|^#.#|^(?:ChangeLog|ToDo|Readme|License)(?:.md|.txt)?|^composer.(?:json|lock)|^ext_conf_template.txt|^ext_typoscript_constants.txt|^ext_typoscript_setup.txt|flexform[^.].xml|locallang[^.].(?:xml|xlf)|.(?:bak|co?nf|cfg|ya?ml|ts|dist|fla|in[ci]|log|sh|sql(?:…)?|sw[op]|git.)|.(?:~|rc))$”>
# Apache < 2.3
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy All

# Apache ≥ 2.3
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

------------------------------------------------------------------------------

| Block access to vcs directories. |

------------------------------------------------------------------------------

RedirectMatch 404 /\.(?:git|svn|hg)/

------------------------------------------------------------------------------

| Compression |

------------------------------------------------------------------------------

SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding AddOutputFilterByType DEFLATE application/atom+xml \ application/javascript \ application/json \ application/ld+json \ application/manifest+json \ application/rdf+xml \ application/rss+xml \ application/schema+json \ application/vnd.geo+json \ application/vnd.ms-fontobject \ application/x-font-ttf \ application/x-javascript \ application/x-web-app-manifest+json \ application/xhtml+xml \ application/xml \ font/eot \ font/opentype \ image/bmp \ image/svg+xml \ image/vnd.microsoft.icon \ image/x-icon \ text/cache-manifest \ text/css \ text/html \ text/javascript \ text/plain \ text/vcard \ text/vnd.rim.location.xloc \ text/vtt \ text/x-component \ text/x-cross-domain-policy \ text/xml AddEncoding gzip svgz

------------------------------------------------------------------------------

| ETag removal |

------------------------------------------------------------------------------

Header unset ETag FileETag None

------------------------------------------------------------------------------

| Expires headers (for better cache control) |

------------------------------------------------------------------------------

ExpiresActive on
ExpiresDefault                                      "access plus 1 month"

ExpiresByType text/css                              "access plus 1 year"

ExpiresByType application/json                      "access plus 0 seconds"
ExpiresByType application/ld+json                   "access plus 0 seconds"
ExpiresByType application/schema+json               "access plus 0 seconds"
ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
ExpiresByType application/xml                       "access plus 0 seconds"
ExpiresByType text/xml                              "access plus 0 seconds"

ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
ExpiresByType image/x-icon                          "access plus 1 week"

ExpiresByType text/x-component                      "access plus 1 month"

ExpiresByType text/html                             "access plus 0 seconds"

ExpiresByType application/javascript                "access plus 1 year"
ExpiresByType application/x-javascript              "access plus 1 year"
ExpiresByType text/javascript                       "access plus 1 year"

ExpiresByType application/manifest+json             "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
ExpiresByType text/cache-manifest                   "access plus 0 seconds"

ExpiresByType audio/ogg                             "access plus 1 month"
ExpiresByType image/bmp                             "access plus 1 month"
ExpiresByType image/gif                             "access plus 1 month"
ExpiresByType image/jpeg                            "access plus 1 month"
ExpiresByType image/png                             "access plus 1 month"
ExpiresByType image/svg+xml                         "access plus 1 month"
ExpiresByType image/webp                            "access plus 1 month"
ExpiresByType video/mp4                             "access plus 1 month"
ExpiresByType video/ogg                             "access plus 1 month"
ExpiresByType video/webm                            "access plus 1 month"

ExpiresByType application/atom+xml                  "access plus 1 hour"
ExpiresByType application/rdf+xml                   "access plus 1 hour"
ExpiresByType application/rss+xml                   "access plus 1 hour"

ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
ExpiresByType font/eot                              "access plus 1 month"
ExpiresByType font/opentype                         "access plus 1 month"
ExpiresByType application/x-font-ttf                "access plus 1 month"
ExpiresByType application/font-woff                 "access plus 1 month"
ExpiresByType application/x-font-woff               "access plus 1 month"
ExpiresByType font/woff                             "access plus 1 month"
ExpiresByType application/font-woff2                "access plus 1 month"

ExpiresByType text/x-cross-domain-policy            "access plus 1 week"