Solved

Apache Module mod_auth exceptions

Posted on 2013-01-14
10
362 Views
Last Modified: 2013-02-01
Hi E's, I have a sub-domain where I use Apache Module mod_auth inside a .htaccess.
I have this code:
AuthName "/"
AuthUserFile "/home/pedro/.htpasswds/public_html/biblioteca/passwd"
AuthType Basic
require valid-user

Open in new window

The code above will request always a login in every part of the site.
What I want to know it is if can have some exceptions. For example, if I can give access without login for 2 or 3 files, how I do? It's possible protect entire system and give some exceptions?

The best regards. JC
0
Comment
Question by:Pedro Chagas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
10 Comments
 
LVL 16

Accepted Solution

by:
grahamnonweiler earned 300 total points
ID: 38775817
In normal circumstances you would do the opposite of what you are asking:

                   Allow access to all - but - Restrict access on a specifc folder/directory

Currently your .htaccess is in the root, so it restricts access to everything under it (including sub-folders).

You would be better to place all the files you want to allow general access to in the root, then create a sub-folder, with your .htaccess in it, and place all restricted content (including any sub-folders) there.
0
 
LVL 26

Expert Comment

by:arober11
ID: 38786658
You can add a Files, or FilesMatch block to the .htaccess file, to lift the restriction for certain requests e.g.

<Files "public_file.html">
    Order allow,deny
    Allow from all
    Require any
</Files>

Open in new window

0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 38786679
Hi @arober11, let me see if I understand, because seems a good solution.
For example, if I want unprotected the file "../folder1/index.php" and the file "../folder1/process.php" how I use your code?
And how is the structure of code between my startup code and this change?

The best regards, JC
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 26

Expert Comment

by:arober11
ID: 38790469
Stick the following in the folder1 .htacess file:

<Files ~ "(index|process)\.php">
    Order allow,deny
    Allow from all
    Require any
</Files>

Open in new window

0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 38792710
Hi, I create a .htaccess file in the folder where are the php files that I want unprotect. But have a strange behavior. When I open the php files in folder, they still continue request the user name and the password, and the strange is my user name and my password not unlock the system.
Should not open the file system (in this case process.php and index.php) without asking credentials?

I have my own library, where I put new knowledge in informatics, the place is http://rdsrc.us/HWSzkM . Sometimes I need to unlock some files (temporary), for example to show here in 'experts exchange'. For each new tutorial I create a new folder that will contain the files, and sometimes I need to unlock the access to that files to 'experts' see.

But, your solution do not unlock the system for access to that specific files.

I hope you can give me the right solution.

~JC
0
 
LVL 3

Author Comment

by:Pedro Chagas
ID: 38792788
Even, the solution can be other. If it more easy and logical, I can create access for specific files, giving a new password and user name to the visitors, just to determined files, and maintain my personal user name and password for the rest of the system.

~JC
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
In this tutorial viewers will learn how to embed Flash content in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <object> tag to embed Flash content.: To specify that the object is Flash content, d…
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question