Greg
Reputation: 34838
What is apache htaccess configuration to require authentication for all except for these URLs?
What is the htaccess lines/config I would require to ensure that all parts of my site (files & URLs) are protected by authentication, EXCEPT for a given limited set of URLs. For example all except "/api/.*" if this makes sense.
The actually authentication could be like the below, but it's how I wrap this in the directives...
AuthName "Dialog prompt" AuthType
Basic AuthUserFile
/home/site/.htpasswd Require
valid-user
thanks
Upvotes: 0
Views: 1349
Answers (2)
Gumbo
Reputation: 655845
You could use SetEnvIf and <IfDefine>:
SetEnvIf Request_URI ^/api/ no_auth_req
# If no_auth_req is NOT defined then require authentication
<IfDefine !no_auth_req>
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /home/site/.htpasswd
Require valid-user
</IfDefine>
Upvotes: 1
Greg
Reputation: 34838
this seems to work:
AuthUserFile /home/.htpasswd
AuthName "Password Protected"
authtype Basic
Order Deny,Allow
Satisfy any
SetEnvIf request_uri "/api/" allow_all
Deny from all
Require valid-user
Allow from env=allow_all
Upvotes: 1
Related Questions
- htaccess exclude multiple url from Basic Auth
- htaccess exclude one url from Basic Auth
- htaccess exclude file require auth
- .htaccess - Disable basic auth for specific path
- Apache Basic Auth only for Requests with URL Path
- .htaccess Auth and exclude one location (with mod_rewrite)
- Using Basic Authentication (htaccess) to restrict access to a specific URL
- htaccess: Conditional Authentication
- htaccess: only do [some lines of code] for one domain, no others
- Removing .htaccess Authentication Restrictions