htaccess - How to exclude one folder of the restricted area - apache

My .htaccess looks like that:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
require valid-user
Now I want to exclude the folder "test" from the restricted area, I tried to add this:
<Directory /var/www/test/*/>
Allow from all
Satisfy any
</Directory>
But then I get a 500 Internal Server Error. What can I do?

<Directory> isn't allowed in .htaccess actually.
You can resolve it by creating a /test/.htaccess with this 1 line:
Satisfy any

Related

In htaccess, how to apply FilesMatch only to files in website root

In order to avoid access for specific files that are still under construction, I wrote these lines in the website root .htaccess. This worked perfectly:
<FilesMatch "login.php|reset.php|raport.php">
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Require valid-user
</FilesMatch>
Afterwards, I installed phpBB under /forum. When I try to access its login page... I must authenticate first.
My big question is how to modify the FilesMatch condition in order to apply it for login.php in the website root, but not for login.php in other folders.
Thank you in advance!
You could use SetEnvIf against the URI only form root like this :
SetEnvIf Request_URI "^/?(login|reset|raport)\.php" PASS
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!PASS
So , form here SetEnvIf Request_URI "^/?(login|reset|raport)\.php you make sure that the URI is starting with login|reset|raport only and not sub-directory .

.htaccess File isnĀ“t working.

I want to protect the complete /var/www/html/* area with a Password, but exclude one File.
I tried this Code:
<Files *.*>
AuthType Basic
AuthName "Service-Login"
AuthUserFile /path/tomypasswdfile/...
Require valid-user
</Files>
<Files /index.alternetive.php>
#Order allow,deny
Require all granted
#Allow from All
#Allow from env=allow
#Satisfy any
</Files>
The Login is functioning, but for ALL files including the "index.alternetive.php"-File.
My apache2 is running on Ubuntu-Xenial.
Thanks Alot
Files doesn't work on path names, but only on file names. If you want a specific path, you must enclose it in a Directory directive or put it in a .htaccess where it belongs. In your case this seems to be the root directory
AuthType Basic
AuthName "Service-Login"
AuthUserFile /path/tomypasswdfile/...
Require valid-user
<Files index.alternetive.php>
Require all granted
</Files>
Also look at the spelling, e.g. alternetive vs alternative.
The file name is your problem. Change it to something like index_alternetive.php and that should work for you.

How to config htpasswd with htaccess

i want to make some pages password protected using .htpasswd
How can i do it ??
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/product-category/ require_auth=true
# Auth stuff
AuthUserFile /home1/thetimh6/public_html/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I am try it in my htaccess file but it is showing me
500 Server Error
Put the following code in .htaccess in public_html
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Then create a .htpasswd, but put it OUTSIDE public_html
So the /path/to/.htpasswd is pointing to that location
It's quite possible I'm thinking too simple here, but shouldn't the code:
AuthUserFile /home1/thetimh6/public_html/htpasswd
be:
AuthUserFile /home1/thetimh6/public_html/.htpasswd

htaccess restrict authentification but exception on file

I've seen a few other relative posts but didn't find any solution.
I need to restrict a folder with authentification, it works.
But in this folder I need to keep one file access opened to everybody, I used this but it doesn't works :
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
Options -Indexes
<Files "admin-ajax.php">
Allow from all
Satisfy all
</Files>
Sorry for my bad english and thanks for help !
use SetEnv and Order directive :
#set variable if uri is "/admin-ajax.php"
SetEnvIf Request_URI ^/folder/admin-ajax\.php noauth=1
#auth
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user AuthorizedUser
Allow from env=noauth
This will let you access your admin-ajax.php without login to server.

How would I require a password for all files except one using .htaccess?

I have a new website I'm working on that the client wants to keep a secret, but at the same time, I want to put an under construction page with some info on it. I would like to have everything except index.html require a user/password--index.html would be available to everyone.
I have the following, but I'm not sure what I need to add:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
require valid-user
There are too many files and possibly new files to say "for this set of files require a user/password".
I think it has something to do with something similar to:
<Files index.html>
order deny,allow
allow from all
</Files>
But I'm not exactly sure how.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<Files "index.html">
Allow from all
Satisfy any
</Files>
I used empi response almost exactly, but I realized that I'm loading a logo and reset-min.css on the under construction page, so I modified it like the following:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/examplecom/example.com/html/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<FilesMatch "(index\.html|reset-min\.css|logo-temp\.gif)$">
Allow from all
Satisfy any
</FilesMatch>
have you tried reversing the order to first allow, then deny?
For further reading: apache htaccess directive are a good reference.