CODEWITHSUNDEEP
apache.htaccesscakephppassword-protectionlocationmatch
Roman Ganz
Roman Ganz

Reputation: 1571

How to configure in Apache an exception to password protection for a CakePhp App?

I have a CakePHP Application which I want to protect with a password. The tricky thing is, that all files/locations should be only accessible with a password EXCEPT one specific Address (a function withing a CakePHP-controller)

The Address is like that:

http://example.com/MyApp/MyController/MyFunction?MyParam=MyValue

All other locations should be only accessible with a password

http://example.com/MyApp/MyController/MyOtherFunction
http://example.com/MyApp/MyController/MyOtherFunction
http://example.com/MyApp/MyOtherController/MyOtherFunction

Well, I tried it first in the root .htaccess-File, but the whole rewrite-thing of CakePHP makes it very difficult and in .htaccess-Files are no <LocationMatch> directive allowed. So I tried it with <FilesMatch>, but the real File is always the same: index.php. mod_rewrite rewrites all Addresses to

http://example.com/MyApp/app/webroot/index.php?url=$1

In the next step I tried it in the apache-configuration and put there this section

<LocationMatch ^/MyApp/MyController/MyFunction.*>
  AuthType Basic
  AuthName "Secure Area"
  AuthUserFile /path/to/.htpasswd
  Require user MyUser
</LocationMatch>

Well the regex matched, but it was the wrong way. It protects MyFunction but not the rest.

Upvotes: 0

Views: 873

Answers (1)

Leo
Leo

Reputation: 6571

Are you using .htpasswd? You might be better using Cake Auth, then you can do this in the appropriate controller:

function beforeFilter() {
    $this->Auth->allow('MyFunction');
}

Upvotes: 2

Related Questions