Apache: protect whole website with pasword excluding one(2,3) URLs

Posted on 2008-10-17
Last Modified: 2010-03-04
Hi experts!

I have a problem, i need to protect whole website with password excluding few URLS.

Basically i have:

<Directory /var/www/vhosts/dev.tda>
        AuthType Basic
        AuthName "Authorisation required"
        AuthUserFile /var/www/vhosts/dev.tda/conf/htpasswd
        Require user dev

and i need, let's say url "/api/apipoint1" to be accessible without apache prompting for password

the thing is, that i rewrite URL so "/api/apipoint1" doesn't  match any file on filesystem

Can anyone help?
Question by:7workers
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 27

Expert Comment

ID: 22744858
> the thing is, that i rewrite URL

Where? Server-context or directory context?

A possible solution could be a location container with the satisfy directive
<Location /api/apipoint1>
Satisfy any

Open in new window


Accepted Solution

7workers earned 0 total points
ID: 22774052
> caterham_www

I rewrite URLs for whole website.


<Location /api/apipoint1>
Satisfy any

Doesn't work
LVL 27

Expert Comment

ID: 23137544
> Doesn't work

I can't reproduce. The following works for me (/foo/bar accessible w/o a prompt for a password).
RewriteEngine on
RewriteRule ^/foo/bar /test/test.php [L]
<Directory /var/www/test>
 AuthName "testerei-wq:wq"
 AuthName "testerei"
 AuthType Basic
 AuthUserFile /var/www/test/.htpasswd
 Require valid-user
<Location /foo/bar>
 Satisfy any

Open in new window


Featured Post

Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question