Solved

Apache Module mod_auth exceptions

Posted on 2013-01-14
10
352 Views
Last Modified: 2013-02-01
Hi E's, I have a sub-domain where I use Apache Module mod_auth inside a .htaccess.
I have this code:
AuthName "/"
AuthUserFile "/home/pedro/.htpasswds/public_html/biblioteca/passwd"
AuthType Basic
require valid-user

Open in new window

The code above will request always a login in every part of the site.
What I want to know it is if can have some exceptions. For example, if I can give access without login for 2 or 3 files, how I do? It's possible protect entire system and give some exceptions?

The best regards. JC
0
Comment
Question by:Pedro Chagas
  • 3
  • 2
10 Comments
 
LVL 16

Accepted Solution

by:
grahamnonweiler earned 300 total points
ID: 38775817
In normal circumstances you would do the opposite of what you are asking:

                   Allow access to all - but - Restrict access on a specifc folder/directory

Currently your .htaccess is in the root, so it restricts access to everything under it (including sub-folders).

You would be better to place all the files you want to allow general access to in the root, then create a sub-folder, with your .htaccess in it, and place all restricted content (including any sub-folders) there.
0
 
LVL 26

Expert Comment

by:arober11
ID: 38786658
You can add a Files, or FilesMatch block to the .htaccess file, to lift the restriction for certain requests e.g.

<Files "public_file.html">
    Order allow,deny
    Allow from all
    Require any
</Files>

Open in new window

0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 38786679
Hi @arober11, let me see if I understand, because seems a good solution.
For example, if I want unprotected the file "../folder1/index.php" and the file "../folder1/process.php" how I use your code?
And how is the structure of code between my startup code and this change?

The best regards, JC
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 26

Expert Comment

by:arober11
ID: 38790469
Stick the following in the folder1 .htacess file:

<Files ~ "(index|process)\.php">
    Order allow,deny
    Allow from all
    Require any
</Files>

Open in new window

0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 38792710
Hi, I create a .htaccess file in the folder where are the php files that I want unprotect. But have a strange behavior. When I open the php files in folder, they still continue request the user name and the password, and the strange is my user name and my password not unlock the system.
Should not open the file system (in this case process.php and index.php) without asking credentials?

I have my own library, where I put new knowledge in informatics, the place is http://rdsrc.us/HWSzkM . Sometimes I need to unlock some files (temporary), for example to show here in 'experts exchange'. For each new tutorial I create a new folder that will contain the files, and sometimes I need to unlock the access to that files to 'experts' see.

But, your solution do not unlock the system for access to that specific files.

I hope you can give me the right solution.

~JC
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 38792788
Even, the solution can be other. If it more easy and logical, I can create access for specific files, giving a new password and user name to the visitors, just to determined files, and maintain my personal user name and password for the rest of the system.

~JC
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Read about why website design really matters in today's demanding market.
These days socially coordinated efforts have turned into a critical requirement for enterprises.
Any person in technology especially those working for big companies should at least know about the basics of web accessibility. Believe it or not there are even laws in place that require businesses to provide such means for the disabled and aging p…
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now