Torben
Reputation: 5494
.htaccess - Disable basic auth for specific path
I run a testsystem with a htaccess basic auth:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
I now want to disable this auth for all user who target the /api and /api/orders etc. of this server. I tried it with this:
SetEnvIf Request_URI "/api(.*)$" api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Deny from all
Allow from env=api_uri
Satisfy any
But this does not work - mod_setenvif is enabled. Does anybody have an idea why this is not working?
Thanks!
Upvotes: 3
Views: 5750
Answers (2)
Álvaro González
Reputation: 146450
I normally just add a separate .htaccess file inside the api folder:
Satisfy any
Upvotes: 1
anubhava
Reputation: 785108
Have it this way:
SetEnvIf Request_URI /api api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=api_uri
Upvotes: 3
Related Questions
- htaccess exclude multiple url from Basic Auth
- htaccess exclude one url from Basic Auth
- htaccess File Basic Auth applying to other pages
- htaccess basic auth allow only one directory
- htaccess exclude file require auth
- Apache Basic Auth only for Requests with URL Path
- Use basic auth for different URIs in a .htaccess file
- How to make Basic Auth exclude a rewritten URL
- Using Basic Authentication (htaccess) to restrict access to a specific URL
- What is apache htaccess configuration to require authentication for all except for these URLs?