Was given this code to use and used it without changing it
<FilesMatch "^(?!log_request\.php).*$">
AuthUserFile /protect/.htpasswd
AuthName "Tester's test test"
AuthType Basic
Require valid-user
</FilesMatch>
ErrorDocument 401 /log_request.php
I have no idea what the function of the FilesMatch "^(?!log_request.php).*$" line is but other than that the files should match. When i try to view the .htpasswd file i get Internal Server Error.
Try this code:
<FilesMatch "^(?!.*?log_request\.php).*$">
AuthUserFile /protect/.htpasswd
AuthName "Tester's test test"
AuthType Basic
Require valid-user
</FilesMatch>
ErrorDocument 401 /log_request.php
(?!...) is a negative lookahead that makes sure Basic Auth code is applied for all the files except log_request.php
Option 2 Use SetEnvIfNoCase:
SetEnvIfNoCase Request_URI "^/(?!log_request\.php).*" HANDLE401
AuthUserFile /protect/.htpasswd
AuthName "Tester's test test"
AuthType Basic
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=HANDLE401
You could use ErrorDocument 401 /log_request.php to send all those requests to some PHP script.
Take a look at this tutorial for more info: http://www.askapache.com/htaccess/htaccess-htpasswd-basic-auth.html
Related
In order to avoid access for specific files that are still under construction, I wrote these lines in the website root .htaccess. This worked perfectly:
<FilesMatch "login.php|reset.php|raport.php">
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Require valid-user
</FilesMatch>
Afterwards, I installed phpBB under /forum. When I try to access its login page... I must authenticate first.
My big question is how to modify the FilesMatch condition in order to apply it for login.php in the website root, but not for login.php in other folders.
Thank you in advance!
You could use SetEnvIf against the URI only form root like this :
SetEnvIf Request_URI "^/?(login|reset|raport)\.php" PASS
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!PASS
So , form here SetEnvIf Request_URI "^/?(login|reset|raport)\.php you make sure that the URI is starting with login|reset|raport only and not sub-directory .
I run a testsystem with a htaccess basic auth:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
I now want to disable this auth for all user who target the /api and /api/orders etc. of this server. I tried it with this:
SetEnvIf Request_URI "/api(.*)$" api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Deny from all
Allow from env=api_uri
Satisfy any
But this does not work - mod_setenvif is enabled. Does anybody have an idea why this is not working?
Thanks!
Have it this way:
SetEnvIf Request_URI /api api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=api_uri
I normally just add a separate .htaccess file inside the api folder:
Satisfy any
i have a htacces protection for my current project:
<filesMatch "\.(htm|html|php)$">
AuthGroupFile /dev/null
AuthName "secured"
AuthType Basic
AuthUserFile /var/www/html/web/.htpasswd
require valid-user
</filesMatch>
The protcetion is working but my static files cames from aws cloudfront and some files are asking for the htaccess credentials too. What can i do to stop this?
Thank you very much.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /var/www/html/web/.htpasswd
AuthGroupFile /dev/null
Require valid-user
SetEnvIf Host cloudfront.net allow
SetEnvIf Request_URI "(status.php)$" allow
SetEnvIf Request_URI "(appredirect.html)$" allow
Order allow,deny
Allow from env=allow
Satisfy
This is the current setting but to allow the host cloudfront.net is not helping.
What is the htaccess lines/config I would require to ensure that all parts of my site (files & URLs) are protected by authentication, EXCEPT for a given limited set of URLs. For example all except "/api/.*" if this makes sense.
The actually authentication could be like the below, but it's how I wrap this in the directives...
AuthName "Dialog prompt" AuthType
Basic AuthUserFile
/home/site/.htpasswd Require
valid-user
thanks
this seems to work:
AuthUserFile /home/.htpasswd
AuthName "Password Protected"
authtype Basic
Order Deny,Allow
Satisfy any
SetEnvIf request_uri "/api/" allow_all
Deny from all
Require valid-user
Allow from env=allow_all
You could use SetEnvIf and <IfDefine>:
SetEnvIf Request_URI ^/api/ no_auth_req
# If no_auth_req is NOT defined then require authentication
<IfDefine !no_auth_req>
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /home/site/.htpasswd
Require valid-user
</IfDefine>
I have a new website I'm working on that the client wants to keep a secret, but at the same time, I want to put an under construction page with some info on it. I would like to have everything except index.html require a user/password--index.html would be available to everyone.
I have the following, but I'm not sure what I need to add:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
require valid-user
There are too many files and possibly new files to say "for this set of files require a user/password".
I think it has something to do with something similar to:
<Files index.html>
order deny,allow
allow from all
</Files>
But I'm not exactly sure how.
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<Files "index.html">
Allow from all
Satisfy any
</Files>
I used empi response almost exactly, but I realized that I'm loading a logo and reset-min.css on the under construction page, so I modified it like the following:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/examplecom/example.com/html/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<FilesMatch "(index\.html|reset-min\.css|logo-temp\.gif)$">
Allow from all
Satisfy any
</FilesMatch>
have you tried reversing the order to first allow, then deny?
For further reading: apache htaccess directive are a good reference.