Apache: protect whole website with pasword excluding one(2,3) URLs

Posted on 2008-10-17
Last Modified: 2010-03-04
Hi experts!

I have a problem, i need to protect whole website with password excluding few URLS.

Basically i have:

<Directory /var/www/vhosts/dev.tda>
        AuthType Basic
        AuthName "Authorisation required"
        AuthUserFile /var/www/vhosts/dev.tda/conf/htpasswd
        Require user dev

and i need, let's say url "/api/apipoint1" to be accessible without apache prompting for password

the thing is, that i rewrite URL so "/api/apipoint1" doesn't  match any file on filesystem

Can anyone help?
Question by:7workers
  • 2
LVL 27

Expert Comment

ID: 22744858
> the thing is, that i rewrite URL

Where? Server-context or directory context?

A possible solution could be a location container with the satisfy directive
<Location /api/apipoint1>
Satisfy any

Open in new window


Accepted Solution

7workers earned 0 total points
ID: 22774052
> caterham_www

I rewrite URLs for whole website.


<Location /api/apipoint1>
Satisfy any

Doesn't work
LVL 27

Expert Comment

ID: 23137544
> Doesn't work

I can't reproduce. The following works for me (/foo/bar accessible w/o a prompt for a password).
RewriteEngine on
RewriteRule ^/foo/bar /test/test.php [L]
<Directory /var/www/test>
 AuthName "testerei-wq:wq"
 AuthName "testerei"
 AuthType Basic
 AuthUserFile /var/www/test/.htpasswd
 Require valid-user
<Location /foo/bar>
 Satisfy any

Open in new window


Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Post form data to PHP then to 3rd party site 19 42
Server specifications for web hosting 7 92
Internal wordpress pages 404 5 42
Use of SSL Certificates - http vs https 3 75
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question