Apache 2.4 - Exclude one file from authentication


I have a folder protected by Basic Authentication. There is one CGI executable within a sub-folder that I want to exclude from authentication.

I have put the following in my htaccess.
<Files "open.exe">
    Require all granted

AuthType Basic
AuthUserFile //path/to/file/
require valid-user

Open in new window

This seems to work for most users. However some users are still prompted to login and I dont know why. When this happens I see the following in the access logs.

111.222.333.444 - - [05/Feb/2015:13:58:56 +1000] "GET /cgi-bin/open.exe HTTP/1.1" 200 96932
111.222.333.444 - - [05/Feb/2015:13:59:02 +1000] "GET /cgi-bin/[object%20Object] HTTP/1.1" 401 381

How do I properly exclude this exe from the authentication?

This is Apache 2.4 so alot of the other questions about this are outdated.

Thank you
Who is Participating?
giltjrConnect With a Mentor Commented:
Are you sure that the users that are NOT getting prompted are not already authorized?
Maybe they have saved their user-id/password in the browser and it is automatically responding.

The only time you would get prompted for a user-id/password is the 1st time you try and access a resource that requires authorization.

Double check your access logs for the file you have excluded.   Is there a user-id in the log entry?  If so then they were already authorized.
mhdiAuthor Commented:
Good idea, but I have proven that is not the case.

There is no user-id in the logs. I have also tested with browsers which have never seen this website before (no previous authentication) and it worked ok. I'm not sure why its only a couple of users having the problem.
Looking at your message it looks like they were able to open "open.exe"

The other message deals with "[object%20Object]"  which is not "open.exe"

Is  "[object%20Object]" literally what is in the message?
Looking around it appears that "[object%20Object]" is generated when you try to  convert a null variable to a string.

Do you have any scripts that are running on either the server side or the client side?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.