I rewrote a file to a directory in .htaccess:
RewriteRule ^folder1/(\/|)$ index.php?a=folder1 [NC,QSA]
How do I password-protect specifically this "folder1" only? So that when users go to mysite.com/folder1/ they get asked for a username & password to access it.
You can have your .htaccess like this:
SetEnvIfNoCase Request_URI ^/folder1(/.*)?$ SECURED
AuthType Basic
AuthName "Password Protected Folder1"
AuthUserFile /full/path/to/.htpasswd
Require valid-user
Satisfy any
Order Allow,Deny
Allow from all
Deny from env=SECURED
RewriteEngine On
RewriteRule ^folder1/(/|)$ index.php?a=folder1 [NC,QSA,L]
Related
We try to disable our password protection for internal use. Therefore we'd like to be able to add a parameter to the url which does this. We know that everybody who knows this parameter will have access to the directory. Now what we've tried so far:
RewriteEngine On
# Do the regex check against the URI here, if match, set the "require_auth" var
RewriteCond %{QUERY_STRING} !^$
RewriteRule (.*auth=mysecurehash.*) $1 [E=require_auth:false]
#Auth stuff
AuthType Basic
AuthUserFile /.htpasswd
AuthName "Enter Username and Password"
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
This should disable auth for anydir/anfile.any?auth=mysecurehash
but unfortunately it doesn't.
Actually everybody does have acces now - without password.
What are we missing?
Replace your rule with the following
RewriteCond %{QUERY_STRING} auth=mysecurehash [NC]
RewriteRule ^ - [E=require_auth:false]
FYI , query strings are not part of match in RewriteRule directive, we need to use a RewriteCond to match againgst urls with querystrings.
Try the following :
RewriteEngine on
RewriteCond %{QUERY_STRING} auth=mysecurehash [NC]
RewriteRule ^ - [E=require_auth:false]
#Auth stuff
AuthType Basic
AuthUserFile /.htpasswd
AuthName "Enter Username and Password"
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=require_auth
With 2.4 you can do it with easy by <If> directive.
For 2.2 you can try to redirect all requests without/without param to specific virtual URL and than use
SetEnvIf Request_URI ^/virturl.html require_auth=false
and then
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!require_auth
something like that
Following situation:
I wish to redirect all IP adresses (but NOT two fixed ones) if accessing the www.mydomain.tld/SubFolder1/ on my apache to www.mydomain.tld
Offen basic authentication for the www.mydomain.tld/SubFolder1/ with differen usernames
any idea how to do that?
I tried to use one htaccess file where i added some redirection rules and the basic auth stuff. But I never got the redirection rules to work correctly. Seamed the auth stuff is overwriting the redirection rules. Could that be?
I use the following code for the Authentication
AuthName "Restricted"
AuthType Basic
AuthUserFile //is/htdocs/www/subfolder1/.htpasswd
AuthGroupFile /dev/null
require valid-user
You can use this code in your DOCUMENT_ROOT/SubFolder1/.htaccess file:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(192\.168\.0\.10|192\.168\.0\.20)$
RewriteRule ^$ http://www.mydomain.tld/ [L,R]
SetEnvIf Remote_Addr ^(192\.168\.0\.10|192\.168\.0\.20)$ DOAUTH
AuthName "Restricted"
AuthType Basic
AuthUserFile //is/htdocs/www/subfolder1/.htpasswd
AuthGroupFile /dev/null
require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=DOAUTH
SetEnvIf is needed because mod_auth runs before mod_rewrite hence env set by mod_rewrite cannot be used mod_auth.
I want to change Webpage URL http://www.xyz.com/in/index.php?mpid=page1 to http://www.xyz.com/in/page1 using .htaccess.
And also want to protect my folders with username and password.
AuthType Basic
AuthName "Protected Area"
#path to htpaswd
AuthUserFile /path/to/.htpasswd
Require valid-user
RewriteEngine on
RewriteCond %{REQUEST_URI} !^in
RewriteRule /in/(.+) in/index.php?mpid=$1
I am trying to password-protect a page with a given id somewhere in the query string. My .htaccess looks like this:
RewriteEngine On
RewriteCond %{QUERY_STRING} id=12
RewriteRule (.*) $1 [E=protected_uri:1]
Order Deny,Allow
AuthName "Protected"
AuthType Basic
AuthUserFile /blabla/.htpasswd
AuthGroupFile /
Require valid-user
Order allow,deny
Allow from all
Deny from env=protected_uri
Satisfy any
This works fine for http://xy.com/?id=12, but it doesn't work for http://xy.com/index.php?id=12. For the second URL no password is needed.
I have no idea why this isn's working, because id=12 in the RewriteCond-Line should match all the URL's with id=12 in it?
Thanks for your help!
Ben
I need to protect all http://domain.com with AuthType Basic, but leave http://domain.com/foo/bar
(http://domain.com/foo/bar is a rewrite url, not a folder)
I read about location tag but it not work in htaccess file :(.
RewriteCond %{REQUEST_URI} !^(foo/bar)
-- protect howsoever you want --
I found the answer:
SetEnvIfNoCase REQUEST_URI "/foo/bar" ExcludePath
AuthName "SiteName Administration"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from env=ExcludePath
Satisfy Any