I am trying to use the .htaccess to exclude all files except the /index.php file and the url without the index.php file. I am using the following following:
#.htaccess
#Look for php before html
DirectoryIndex index.php index.html
<Files *>
AuthType Basic
AuthName "Sorry, Restricted Files"
AuthUserFile /home/Documents/SystemFiles/apache/passwords
Require user myuser
</Files>
<Files "index.php">
Order Deny,Allow
Allow from All
Satisfy any
</Files>
Right now everything is password protected except /index.php. However, what I would like to do is have it so that both www.site.com/ and www.site.com/index.php are not password protected. As it stands now www.site.com/ is password protected while www.site.com/index.php is not.
Thanks
UPDATED!!!!
I found this that solved my problem:
getting "authentication required" when requesting / instead of /index.php
Related
In order to avoid access for specific files that are still under construction, I wrote these lines in the website root .htaccess. This worked perfectly:
<FilesMatch "login.php|reset.php|raport.php">
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Require valid-user
</FilesMatch>
Afterwards, I installed phpBB under /forum. When I try to access its login page... I must authenticate first.
My big question is how to modify the FilesMatch condition in order to apply it for login.php in the website root, but not for login.php in other folders.
Thank you in advance!
You could use SetEnvIf against the URI only form root like this :
SetEnvIf Request_URI "^/?(login|reset|raport)\.php" PASS
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!PASS
So , form here SetEnvIf Request_URI "^/?(login|reset|raport)\.php you make sure that the URI is starting with login|reset|raport only and not sub-directory .
i wanted for a Magento staging system a simple user authentication. So i made the following .htaccess combination. My problem now is that if i enabled this my app/etc/local.xml file is visible for everyone which enters the correct credentials or visits the site from a specific ip-address.
For everyone who is not into Magento. The .htaccess & .htpasswd is in the root folder in the folder /app/ is another .htaccess file with the following content
Order deny,allow
Deny from all
This is the snippet of my .htaccess authentication:
<If "%{REMOTE_ADDR} != '127.0.0.1'">
AuthName "DEV"
AuthUserFile /path/to/.htpasswd
AuthType Basic
Require valid-user
Order Deny,Allow
Deny from all
Allow from 123.456.789.0
Allow from 123.456.789.1
Allow from 123.456.789.2
Allow from 123.456.789.3
Satisfy Any
</If>
Thank you in advance!
Cheers Tobias
I have a .htpasswd file in the root of my domain and a .htaccess file which should protect a single index.php file. Unfortunately it appears asif index.php files in subdirectories are also protected.
Is it possible to make this work on a single file and leave files in subdirectories untouched?
This is my current .htaccess file.
<Files "index.php">
AuthName "Users zone"
AuthType Basic
AuthUserFile /home/deb69824/domains/.htpasswd
require valid-user
</Files>
Interesting problem. Using Files or FilesMatch won't help you since that only matches file names irrespective of the directory files reside in. Unfortunately Location directive is not allowed in .htaccess file.
Luckily there is a directive that you can make use of here, i.e. mod_setenvif
# set env variable if URI is /index.php
SetEnvIf Request_URI "^/index\.php$" HOME_INDEX
# use BASIC authentication only when env variable HOME_INDEX is set
AuthType Basic
Authname "Users zone"
AuthUserFile /home/deb69824/domains/.htpasswd
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=HOME_INDEX
Include a slash, which indicates the exact location of the file, e.g. in the root of the directory?
<Files "./index.php">
AuthName "Users zone"
AuthType Basic
AuthUserFile /home/deb69824/domains/.htpasswd
require valid-user
</Files>
I have a Basic Authentication setup on a development server. It is setup inside my httpd.conf file for the VirtualHost of the website. I've had to set up it to exclude certain directories, which has caused no problems and all works fine.
The issue has been with excluding a URL that has been through my mod_rewrite rules in the .htaccess file. My set up is that I have all URLs going through my index.php file and from there the relevant code is found and ran. I tried adding the URL that I wanted to exclude (/businesses/upload_logo) like I did the others but it still requires authentication. This is what I currently have:
...
<Location />
SetEnvIf Request_URI "/businesses/upload_logo" noauth=1
SetEnvIf Request_URI "/api/.*" noauth=1
AuthType Basic
AuthName "Private"
AuthUserFile ****
Require valid-user
Order deny,allow
Satisfy any
Deny from all
Allow from env=noauth
</Location>
....
I have found questions that are similar to mine here & here but the answers only give me what I'm already trying.
I have thought of possible other solutions as well, but these will be last resort things. I want to see if it's possible the way I'm currently doing it:
Set up the basic auth inside my php code instead
Too much hassle at the moment
Put the authentication in my .htaccess file instead
Didn't want to do this just yet as I only want the authentication to happen on one of 3 servers. I'm aware that I could use some more SetEnvIf HOST ... but I'm looking to see if it can be fixed this way or not first.
The mod_rewrite rule:
...
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php [L,QSA]
Try adding
Allow from env=REDIRECT_noauth
For me something like this works like a charm:
<location />
SetEnvIf Request_URI "/businesses/upload_logo" REDIRECT_noauth=1
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/httpd/passwords/passwords
Order Deny,Allow
Satisfy any
Deny from all
Allow from env=REDIRECT_noauth
Require user yournickname
</location>
based on what you have given it should work, unless there is a conflicting directive somewhere else in your configuration.
i have made a similar working setup , just i have used filesystem path instead of URI
i am adding it here, hoping you may find it useful
<VirtualHost *:8989 >
<IfModule mod_auth_basic.c>
<Directory /var/www/html/vella-8989>
# the auth block
AuthType Basic
AuthName "Please login."
AuthUserFile /var/www/html/vella-8989/.htpasswd
require valid-user
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
</Directory>
</IfModule>
# set an environtment variable "noauth" if the request has "/callbacks/"
SetEnvIf Request_URI "/callbacks/" noauth=1
ServerName vella.com
ServerSignature off
</VirtualHost>
On my server I have the following .htaccess file:
DirectoryIndex index.php
AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/webinterface/.htpasswd
Options +FollowSymLinks
Require valid-user
<Files index.php>
Satisfy any
Allow from *
</Files>
If I request the URL "IP-ADDRESS/index.php", everything works fine, I get the index.php displayed without an authentication prompt. However as soon as I request "IP-ADDRESS/" the browser asks me for my credentials.
Why is this the case? What am I missing?
Try replacing the block to use mod_setenvif to check the request URI instead of using <Files>. The mod_auth* modules has precedence over mod_dir so the mapping from / to /index.php doesn't happen until after the auth takes place. Mod_setenvif will occur before the auth. Try:
SetEnvIf Request_URI "^/$" allow=yes
SetEnvIf Request_URI "^/index.php$" allow=yes
AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/webinterface/.htpasswd
Options +FollowSymLinks
Order Deny,Allow
Satisfy any
Deny from All
Require valid-user
Allow from env=allow
If the requested URI is exactly / or /index.php, the variable allow gets set. The stuff after the Auth lines say to deny everything except a valid user or if the variable allow has been set.