Bad request 400 error on Backend actions with pretty url

i tried to hide frontend with htaccess. in frontend and backend all pages works good. but when i tried to login, create or update anything in backend it gaves "bad request (#400) unable to verify your data submission" error. when i disabled htaccess it works again.

i disabled rewrite url in backend but no chance. here is my htaccess

Options -Indexes

RewriteEngine on

<IfModule mod_rewrite.c>

#If the request starts with backend, then pass it through

RewriteCond %{REQUEST_URI} ^backend

RewriteRule ^ - [L,QSA]

RewriteCond %{REQUEST_URI} !/(frontend|backend)/web/(assets|css)/

RewriteCond %{REQUEST_URI} !(\.css|\.js|\.png|\.jpg|\.gif|robots\.txt|\.php)$ [NC]

RewriteCond %{REQUEST_URI} !(public|backend)

RewriteRule .* frontend/web/index.php [L]


It’s not related to .htaccess. It’s about CSRF validation. The code below is highly not recommended but if you must - use it:

public function beforeAction($action) {

    $this->enableCsrfValidation = false;

    return parent::beforeAction($action);


thanks for reply but when i disable htaccess it works normally. i disabled backend rewrite url in htaccess but why it still

gets error?

Sorry, I didn’t notice that.