Greg
Greg

Reputation: 34838

What is apache htaccess configuration to require authentication for all except for these URLs?

What is the htaccess lines/config I would require to ensure that all parts of my site (files & URLs) are protected by authentication, EXCEPT for a given limited set of URLs. For example all except "/api/.*" if this makes sense.

The actually authentication could be like the below, but it's how I wrap this in the directives...

AuthName "Dialog prompt" AuthType 
Basic AuthUserFile
/home/site/.htpasswd Require
valid-user

thanks

Upvotes: 0

Views: 1349

Answers (2)

Gumbo
Gumbo

Reputation: 655845

You could use SetEnvIf and <IfDefine>:

SetEnvIf Request_URI ^/api/ no_auth_req
# If no_auth_req is NOT defined then require authentication
<IfDefine !no_auth_req>
    AuthName "Dialog prompt"
    AuthType Basic
    AuthUserFile /home/site/.htpasswd
    Require valid-user
</IfDefine>

Upvotes: 1

Greg
Greg

Reputation: 34838

this seems to work:

AuthUserFile /home/.htpasswd
AuthName "Password Protected"
authtype Basic
Order Deny,Allow
Satisfy any
SetEnvIf request_uri "/api/" allow_all
Deny from all
Require valid-user
Allow from env=allow_all

Upvotes: 1

Related Questions