I'd like to protect the root with passwd and make the urlfriendly rewrite for modx. only the rewriting works but the password won't be requested.

my ispconfig nginx directives looks like this

location / {
index index.html index.php
auth_basic "Protected Area";
auth_basic_user_file /var/www/clients/client21/web22/web/htpasswd;
client_max_body_size 0;
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?q=$1 last;
}
}

location ~ /\.ht {
deny all;
}

location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_read_timeout 600;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
client_max_body_size 0;
}

seems like the auth_basic won't be executed or overwriten by the rewrite rule. anyone got a idea?