We Keep Coding

.htaccess - Disable basic auth for specific path

I run a testsystem with a htaccess basic auth:
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
I now want to disable this auth for all user who target the /api and /api/orders etc. of this server. I tried it with this:
SetEnvIf Request_URI "/api(.*)$" api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Deny from all
Allow from env=api_uri
Satisfy any
But this does not work - mod_setenvif is enabled. Does anybody have an idea why this is not working?
Thanks!

Have it this way:
SetEnvIf Request_URI /api api_uri
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /var/www/html/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=api_uri

I normally just add a separate .htaccess file inside the api folder:
Satisfy any

How to config htpasswd with htaccess

i want to make some pages password protected using .htpasswd
How can i do it ??
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/product-category/ require_auth=true
# Auth stuff
AuthUserFile /home1/thetimh6/public_html/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I am try it in my htaccess file but it is showing me
500 Server Error

Put the following code in .htaccess in public_html
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
Then create a .htpasswd, but put it OUTSIDE public_html
So the /path/to/.htpasswd is pointing to that location

It's quite possible I'm thinking too simple here, but shouldn't the code:
AuthUserFile /home1/thetimh6/public_html/htpasswd
be:
AuthUserFile /home1/thetimh6/public_html/.htpasswd

.htaccess require valid-user on Remote server, not local

This is my .htacess file. I'm trying to figure out how to to require a valid user with username/password only on the remote server, not on my local dev environment. Any help is appreciated. Thanks!
AuthType Basic
AuthName "restricted area"
require valid-user
AuthUserFile "/home/username/.htpasswds/public_html/passwd"

For those happening to stumble upon this old question, I use the following .htaccess logic in scenarios where I have one codebase for localhost, production, and a preview/staging environment, and only want to password-protect the latter:
<If "%{HTTP_HOST} == 'preview.example.com'">
AuthName "Preview Example"
AuthType Basic
AuthUserFile /example-path/.htpasswd
Require valid-user
</If>

htaccess and multiple htpasswd

I protected a couple of pages via the htaccess and htpasswd. Until now the site functioned well, but the last couple of days, we're experiencing some problems, and i wan't rule out this part of code.
My htaccess:
<Files "leiden.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require valid-user
AuthType Basic
</Files>
<Files "alkmaar.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd2
Require valid-user
AuthType Basic
</Files>
<Files "vlaardingen.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd3
Require valid-user
AuthType Basic
</Files>
ErrorDocument 401 /error401.html
And the corresponding htpasswd's containing the encrypted name and password combination.
.htpasswd
aaa:bbbb
.htpasswd2
ccc:dddd
.htpasswd3
eee:ffff
Is it possible to use multiple htpasswd's in this way or is there a better/cleaner solution to use only one htaccess and only one htpasswd?
For some reason, the site regularly blocks a user's ip-adress as a safety-precaution and i want to rule this security-solution out as cause of the problem.
Thanx in advance.
Melkman

Is it possible to use multiple htpasswd's in this way or is there a better/cleaner solution to use only one htaccess and only one htpasswd?
Something that you could do is keep on htpasswd file, and instead of using Require valid-user, use the require with a specific username:
<Files "leiden.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require user aaa
AuthType Basic
</Files>
<Files "alkmaar.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require user bbb
AuthType Basic
</Files>
<Files "vlaardingen.html">
AuthName "Name and Password"
AuthUserFile /var/www/fullpath to/.htpasswd
Require user ccc
AuthType Basic
</Files>
The mod_authz stuff (htpasswd/BASIC auth) isn't what's causing IP addresses to be blocked. Something else must be causing that.

different htpasswd files per domain

I've 2 domains e.g. foo.com and bar.com which share the same document root.
The sites are protected by a .htaccess file
AuthUserFile ../.htpasswd
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
how can I set the AuthUserFile depending on the host?
pseudocode:
if (host == foo.com) {
AuthUserFile ../.htpasswd_foo
} else {
AuthUserFile ../.htpasswd_bar
}
AuthName "No Access"
AuthType Basic
<Limit GET POST PUT>
require valid-user
</Limit>
If this is not possible are there any other ways to get different logins for the 2 domains?

Try setting it up like this:
#site1.com
setenvIfNoCase Host site1\.com pass_1
AuthType Basic
AuthName "Site1.com Login Required"
AuthUserFile "/home/userdir/.htpasswds/site1.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_1
Satisfy any
#site2.com
setenvIfNoCase Host site2\.com pass_2
AuthType Basic
AuthName "Site2.com Login Required"
AuthUserFile "/home/user_dir/.htpasswds/site2.pwd"
Require valid-user
Order allow,deny
Allow from all
Deny from env=pass_2
Satisfy any