htaccess exclude multiple url from Basic Auth
Question
Hi i need to protect my app during the testing phase.
I read this post about excluding one url from Basic Auth
But i'd like to exclude 2 urls :
/api/*
/oauth/v2/token
So the entire app will be protected except for those two urls, that will be public. Otherwise i can't access my api routes.
My .htaccess for now is :
# Protect the app with password
AuthUserFile /home/master/public_html/web/.htpasswd
AuthName "Protected"
AuthType Basic
Require valid-user
So i'm guessing i should need some sort or regex in :
SetEnvIf Request_URI ^/api/ noauth=1
How can i have like a OR condition?
3 answers
solution1
3 ACCPTED 2016-06-05 14:16:03
Try :
SetEnvIf Request_URI ^/(api/|oauth/V2/token) noauth=1
You can exclude uris, just seperate them using a bar |
solution2
2 2016-06-05 16:19:51
You can wrap Require inside another directive, like Directory orLocation
<Location /api/>
Require all granted
</Location>
<Location /oauth/v2/token>
Require all granted
</Location>
Not asked, but Getting it working says about .htpasswd
This file should be placed somewhere not accessible from the web. This is so that folks cannot download the password file.
So you shouldn't put .htpasswd inside public_html .
solution3
1 2021-03-19 14:29:29
Apache 2.4 Auth/Access control has changed since 2.2. Here is the new syntax:
AuthType Basic
AuthUserFile /home/master/public_html/web/.htpasswd
AuthName "Protected"
SetEnvIf Request_URI ^/(api/|oauth/V2/token) noauth=1
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.