More secure? (I think FilesMatch only to existing files that really end in "
.php", but I'm not 100% sure yet)
Not sure yet.HTTP Basic Authentication does not work for PHP scripts. Cookie auth works.
To avoid what looks like a "subdirectory move" to Rewrite, one might use
ProxyPass) instead of
Action, as proposed in https://wiki.apache.org/httpd/PHP-FPM
Security risks, see bottom of https://wiki.apache.org/httpd/PHP-FPM
Not sure if HTTP Basic Authentication works for PHP script.
FastCgiExternalServer / Action approach
Works before Apache 2.4.10
HTTP Basic Authentication works for PHP scripts.
Definitely evaluated late enough to allow for .htaccess Rewrite orgies, but works as a Rewrite itself which can lead to Rewrite loops.
Complicated to configure.
Works as a Rewrite itself which can lead to Rewrite loops.
This was the first almost-satisfying approach I found, but it has major disadvantages.