Solved

Apache: protect whole website with pasword excluding one(2,3) URLs

Posted on 2008-10-17
3
253 Views
Last Modified: 2010-03-04
Hi experts!

I have a problem, i need to protect whole website with password excluding few URLS.

Basically i have:

<Directory /var/www/vhosts/dev.tda>
        AuthType Basic
        AuthName "Authorisation required"
        AuthUserFile /var/www/vhosts/dev.tda/conf/htpasswd
        Require user dev
</Directory>

and i need, let's say url "/api/apipoint1" to be accessible without apache prompting for password

the thing is, that i rewrite URL so "/api/apipoint1" doesn't  match any file on filesystem

Can anyone help?
0
Comment
Question by:7workers
  • 2
3 Comments
 
LVL 27

Expert Comment

by:caterham_www
ID: 22744858
> the thing is, that i rewrite URL

Where? Server-context or directory context?

A possible solution could be a location container with the satisfy directive
<Location /api/apipoint1>
Satisfy any
</Location>

Open in new window

0
 

Accepted Solution

by:
7workers earned 0 total points
ID: 22774052
> caterham_www

I rewrite URLs for whole website.

So

<Location /api/apipoint1>
Satisfy any
</Location>

Doesn't work
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 23137544
> Doesn't work

I can't reproduce. The following works for me (/foo/bar accessible w/o a prompt for a password).
RewriteEngine on
RewriteRule ^/foo/bar /test/test.php [L]
 
<Directory /var/www/test>
 AuthName "testerei-wq:wq"
 AuthName "testerei"
 AuthType Basic
 AuthUserFile /var/www/test/.htpasswd
 Require valid-user
</Directory>
 
<Location /foo/bar>
 Satisfy any
</Location>

Open in new window

0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Post form data to PHP then to 3rd party site 19 42
Server specifications for web hosting 7 92
Internal wordpress pages 404 5 42
Use of SSL Certificates - http vs https 3 75
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question