Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 262
  • Last Modified:

Apache: protect whole website with pasword excluding one(2,3) URLs

Hi experts!

I have a problem, i need to protect whole website with password excluding few URLS.

Basically i have:

<Directory /var/www/vhosts/dev.tda>
        AuthType Basic
        AuthName "Authorisation required"
        AuthUserFile /var/www/vhosts/dev.tda/conf/htpasswd
        Require user dev
</Directory>

and i need, let's say url "/api/apipoint1" to be accessible without apache prompting for password

the thing is, that i rewrite URL so "/api/apipoint1" doesn't  match any file on filesystem

Can anyone help?
0
7workers
Asked:
7workers
  • 2
1 Solution
 
caterham_wwwCommented:
> the thing is, that i rewrite URL

Where? Server-context or directory context?

A possible solution could be a location container with the satisfy directive
<Location /api/apipoint1>
Satisfy any
</Location>

Open in new window

0
 
7workersAuthor Commented:
> caterham_www

I rewrite URLs for whole website.

So

<Location /api/apipoint1>
Satisfy any
</Location>

Doesn't work
0
 
caterham_wwwCommented:
> Doesn't work

I can't reproduce. The following works for me (/foo/bar accessible w/o a prompt for a password).
RewriteEngine on
RewriteRule ^/foo/bar /test/test.php [L]
 
<Directory /var/www/test>
 AuthName "testerei-wq:wq"
 AuthName "testerei"
 AuthType Basic
 AuthUserFile /var/www/test/.htpasswd
 Require valid-user
</Directory>
 
<Location /foo/bar>
 Satisfy any
</Location>

Open in new window

0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now