We Keep Coding

.htaccess - Disable basic auth for specific path

I run a testsystem with a htaccess basic auth:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
I now want to disable this auth for all user who target the /api and /api/orders etc. of this server. I tried it with this:
SetEnvIf Request_URI "/api(.*)$" api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Deny from all
Allow from env=api_uri
Satisfy any
But this does not work - mod_setenvif is enabled. Does anybody have an idea why this is not working?
Thanks!

Have it this way:
SetEnvIf Request_URI /api api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=api_uri

I normally just add a separate .htaccess file inside the api folder:
Satisfy any

htaccess restrict authentification but exception on file

I've seen a few other relative posts but didn't find any solution.
I need to restrict a folder with authentification, it works.
But in this folder I need to keep one file access opened to everybody, I used this but it doesn't works :
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
Options -Indexes
<Files "admin-ajax.php">
Allow from all
Satisfy all
</Files>
Sorry for my bad english and thanks for help !

use SetEnv and Order directive :
#set variable if uri is "/admin-ajax.php"
SetEnvIf Request_URI ^/folder/admin-ajax\.php noauth=1
#auth
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user AuthorizedUser
Allow from env=noauth
This will let you access your admin-ajax.php without login to server.

.htaccess access conditional login based on DOMAIN

I haven't been able to find the right answer for this on StackOverflow, so I figured I would ask and hopefully others are looking for the same:
I am using the same .htacess for local, dev and prod and want to HTTP_AUTH our DEV box. Here is my htaccess:
RewriteEngine On
RewriteBase /
SetEnvIf Host "localenv" SITE_ENV=LOCAL
SetEnvIf Host "devdomain.com" SITE_ENV=DEV
SetEnvIf Host "proddomain.com" SITE_ENV=PROD
Order deny,allow
Satisfy any
Deny from SITE_ENV=DEV
AuthType Basic
AuthName "Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
This works when I'm my local enviornment, but when I switch the Deny from SITE_ENV=DEV to Deny from SITE_ENV=LOCAL I don't get the authentication requirement anymore, which leads me to believe the code isn't working. I also have changed the AuthUserFile path to point to the local .htpasswd - but I figured this would show up in the logs if it couldn't find the .htpasswd file
Any guidance here?

You can use:
SetEnvIf Host "localenv" SITE_ENV=LOCAL
SetEnvIf Host "devdomain.com" SITE_ENV=DEV
SetEnvIf Host "proddomain.com" SITE_ENV=PROD
AuthType Basic
AuthName "Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
Order Allow,Deny
Allow from all
Deny from SITE_ENV=DEV
Satisfy any

What is apache htaccess configuration to require authentication for all except for these URLs?

What is the htaccess lines/config I would require to ensure that all parts of my site (files & URLs) are protected by authentication, EXCEPT for a given limited set of URLs. For example all except "/api/.*" if this makes sense.
The actually authentication could be like the below, but it's how I wrap this in the directives...
AuthName "Dialog prompt" AuthType
Basic AuthUserFile
/home/site/.htpasswd Require
valid-user
thanks

this seems to work:
AuthUserFile /home/.htpasswd
AuthName "Password Protected"
authtype Basic
Order Deny,Allow
Satisfy any
SetEnvIf request_uri "/api/" allow_all
Deny from all
Require valid-user
Allow from env=allow_all

You could use SetEnvIf and <IfDefine>:
SetEnvIf Request_URI ^/api/ no_auth_req
# If no_auth_req is NOT defined then require authentication
<IfDefine !no_auth_req>
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /home/site/.htpasswd
Require valid-user
</IfDefine>

How would I require a password for all files except one using .htaccess?

I have a new website I'm working on that the client wants to keep a secret, but at the same time, I want to put an under construction page with some info on it. I would like to have everything except index.html require a user/password--index.html would be available to everyone.
I have the following, but I'm not sure what I need to add:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
require valid-user
There are too many files and possibly new files to say "for this set of files require a user/password".
I think it has something to do with something similar to:
<Files index.html>
order deny,allow
allow from all
</Files>
But I'm not exactly sure how.

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/file/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<Files "index.html">
Allow from all
Satisfy any
</Files>

I used empi response almost exactly, but I realized that I'm loading a logo and reset-min.css on the under construction page, so I modified it like the following:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/examplecom/example.com/html/.htpasswd
AuthGroupFile /dev/null
<Files "*">
Require valid-user
</Files>
<FilesMatch "(index\.html|reset-min\.css|logo-temp\.gif)$">
Allow from all
Satisfy any
</FilesMatch>

have you tried reversing the order to first allow, then deny?
For further reading: apache htaccess directive are a good reference.