I set some htaccess with htpasswd on my server. Here is it's content:
Order Allow,Deny
AuthType Basic
AuthName "Password"
AuthUserFile /var/www/.htpasswd
Require valid-user
Satisfy Any
It works for all /var/www/* directories.
Is it possible to ignore some of that /var/www/* directories ?
You can place those directives in a <Directory> directive, so they only apply to one directory.
Related
In order to avoid access for specific files that are still under construction, I wrote these lines in the website root .htaccess. This worked perfectly:
<FilesMatch "login.php|reset.php|raport.php">
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Require valid-user
</FilesMatch>
Afterwards, I installed phpBB under /forum. When I try to access its login page... I must authenticate first.
My big question is how to modify the FilesMatch condition in order to apply it for login.php in the website root, but not for login.php in other folders.
Thank you in advance!
You could use SetEnvIf against the URI only form root like this :
SetEnvIf Request_URI "^/?(login|reset|raport)\.php" PASS
AuthUserFile /home/myaccount/public_html/.htpasswd
AuthType Basic
AuthName "Restricted area"
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!PASS
So , form here SetEnvIf Request_URI "^/?(login|reset|raport)\.php you make sure that the URI is starting with login|reset|raport only and not sub-directory .
I want to protect the complete /var/www/html/* area with a Password, but exclude one File.
I tried this Code:
<Files *.*>
AuthType Basic
AuthName "Service-Login"
AuthUserFile /path/tomypasswdfile/...
Require valid-user
</Files>
<Files /index.alternetive.php>
#Order allow,deny
Require all granted
#Allow from All
#Allow from env=allow
#Satisfy any
</Files>
The Login is functioning, but for ALL files including the "index.alternetive.php"-File.
My apache2 is running on Ubuntu-Xenial.
Thanks Alot
Files doesn't work on path names, but only on file names. If you want a specific path, you must enclose it in a Directory directive or put it in a .htaccess where it belongs. In your case this seems to be the root directory
AuthType Basic
AuthName "Service-Login"
AuthUserFile /path/tomypasswdfile/...
Require valid-user
<Files index.alternetive.php>
Require all granted
</Files>
Also look at the spelling, e.g. alternetive vs alternative.
The file name is your problem. Change it to something like index_alternetive.php and that should work for you.
I've seen a few other relative posts but didn't find any solution.
I need to restrict a folder with authentification, it works.
But in this folder I need to keep one file access opened to everybody, I used this but it doesn't works :
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
Options -Indexes
<Files "admin-ajax.php">
Allow from all
Satisfy all
</Files>
Sorry for my bad english and thanks for help !
use SetEnv and Order directive :
#set variable if uri is "/admin-ajax.php"
SetEnvIf Request_URI ^/folder/admin-ajax\.php noauth=1
#auth
AuthName "Admins Only"
AuthUserFile /home/dd/.htpasswd
AuthGroupFile /dev/null
AuthType basic
require user AuthorizedUser
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user AuthorizedUser
Allow from env=noauth
This will let you access your admin-ajax.php without login to server.
I have protected my root folder using .htpasswd
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/a1199104/public_html/.htpasswd
Require user lamak
The above code deny access to my whole site/folder/subfolder, I have a subfolder public It has some public files .I want anyone to access this folder and files without password protection, is this possible.?
You can use SetEnv and Order directive to remove password protection :
Try :
#set env variable noauth if uri is "/public/files"
SetEnvIf Request_URI ^/public/ noauth=1
#auth
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /home/a1199104/public_html/.htpasswd
Require user lamak
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require user lamak
Allow from env=noauth
Create a file called public/.htaccess and place this code:
Order allow,deny
allow from all
Satisfy any
I have a .htpasswd file in the root of my domain and a .htaccess file which should protect a single index.php file. Unfortunately it appears asif index.php files in subdirectories are also protected.
Is it possible to make this work on a single file and leave files in subdirectories untouched?
This is my current .htaccess file.
<Files "index.php">
AuthName "Users zone"
AuthType Basic
AuthUserFile /home/deb69824/domains/.htpasswd
require valid-user
</Files>
Interesting problem. Using Files or FilesMatch won't help you since that only matches file names irrespective of the directory files reside in. Unfortunately Location directive is not allowed in .htaccess file.
Luckily there is a directive that you can make use of here, i.e. mod_setenvif
# set env variable if URI is /index.php
SetEnvIf Request_URI "^/index\.php$" HOME_INDEX
# use BASIC authentication only when env variable HOME_INDEX is set
AuthType Basic
Authname "Users zone"
AuthUserFile /home/deb69824/domains/.htpasswd
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=HOME_INDEX
Include a slash, which indicates the exact location of the file, e.g. in the root of the directory?
<Files "./index.php">
AuthName "Users zone"
AuthType Basic
AuthUserFile /home/deb69824/domains/.htpasswd
require valid-user
</Files>