Reputation: 33378
CakePHP: How to allow password access to one directory with .htaccess
In my CakePHP app, I have a directory of files which I want to allow direct access to with a username/password. For reasons that are overly complicated, placing the directory inside the /webroot folder is not an option. My folder is located here:
/app/parent_folder/folder_full_of_files
So I want to be able to access files directly like this:
http://mysite.com/app/parent_folder/folder_full_of_files/some_file.pdf
I think I need to modify the .htaccess file in the root, and also add another .htaccess file and .htpasswd file in the folder_full_of_files
I have already found this post which asks a similar question... but I can't translate it to my application.
- How do I need to modify the root .htaccess file?
What should be in the new .htaccess file. Here's what I've tried, but just results in 500 error...
AuthType Basic AuthName "restricted area" AuthUserFile /bla/bla/mysite/app/parent_folder/folder_full_of_files/.htpasswd require valid-userWhat is the correct way to encrypt the password in the .htaccess file?
Upvotes: 1
Views: 1126
Answers (2)
Reputation: 33378
I got this to work. I had to do a couple things...
I added this to the
.htaccessfile in root:RewriteCond %{REQUEST_URI} !^/app/parent_folder/folder_full_of_filesAs @Jon pointed out, my original version above had a mistake (
[L]).I also have an
.htaccessfile in my/appdirectory. This might be a quirk about my installation because it is not 100% standard. I can't remember if it's there by default, so I'm mentioning it just in case. IF you don't have one in/appskip this step.I added this to an
.htaccessfile in the/folder_full_of_files:AuthType Basic AuthName "restricted area" AuthUserFile /bla/bla/mysite/.htpasswd require valid-userMake sure the path after
AuthUserFileis a fully-qualified path to the.htpasswdfile (see next step).Create the actual
.htpasswdfile. It's not supposed to be under the document root, but mine is. I think the most important thing is that it's not inside/webroot. I used this command from the terminal and it created the file:htpasswd -c /path/where/it/should/go/.htpasswd whatever_usernameIt asks for a plain text password which gets encrypted and written into the file.
That's it. One annoying "gotcha" is that the path in the .htaccess to the auth file must be absolute, which means it will probably have to be edited when moving between local testing and production (unless the two environments are exactly the same). It would be less clunky if relative paths were allowed.
Upvotes: 1
Reputation: 143916
- You don't need to modify the htaccess file in your document root at all
- Make sure you have
AllowOverride AuthConfigorAllowOverride Allconfigured for your/app/parent_folder/folder_full_of_files/directory. Make sure that the directory also has a properly generated htpasswd file (named.htpasswd). You need to use the htpasswd program to generate it, or any number of online generators.
Upvotes: 0
Related Questions
- How to avoid unauthorized access to Files inside CakePHP's webroot folder using ACL?
- Password Protection with htaccess with Yii Framework
- Password protect Laravel subfolder with htaccess
- How to configure in Apache an exception to password protection for a CakePhp App?
- CakePHP: how to allow public access to files in a directory besides /webroot
- CakePHP access restricted files after authentication
- CakePHP allowing, denying access using Auth
- How do I require a password for access to a folder in php
- Cakephp 2.0 Auth AND Basic Authentication
- Cakephp Password Protection with htaccess and htpasswd - howto?