I have a system where x domains could lead to the same folder on the server.
(content is shown by the Database for the given domain)
Now I want to develop a new page but I would need a htaccess auth only for this domain.
example1.com ok
example2.com auth
example3.com ok
Any idea?
You can use SetEnv directives to setup a "pass through" for the hosts that don't need HTTP authentication. The rest is the same as setting up HTTP Auth:
# Set the PROTECTED_HOST env var if the hostname is example2.com
SetEnvIfNoCase HOST example2.com PROTECTED_HOST
# basic HTTP Auth stuff
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
Order Deny,Allow
Deny from all
# Use satisfy any for either ENV or required user
Satisfy any
Require valid-user
Allow from env=!PROTECTED_HOST
Related
I have a Shopware shop with the following Domain:
myshop.tld
Now I have created a so called »Language Shop« on the same Domain which is accessible via:
myshop.tld/en
How to protect only the new Language Shop (myshop.tld/en) with .htaccess and .htpasswd?
Try something like this in the webserver configuration (Location does not work in the .htaccess)
<Location /en>
Require valid-user
AuthType basic
AuthName "Protected shop"
AuthUserFile /your/path/.htpasswd
</Location>
See here https://stackoverflow.com/a/580067/288568
If you don't have access to the web server vhost configuration, you can use something like
SetEnvIf Request_URI "/en/.*" DENY
edit
Use
SetEnvIf Request_URI "/en.*" DENY
to match also the homepage.
in the .htaccess to define an env variable and DENY access based on this.
I recommend to use the web-server configuration (if possible) because it's easier to read.
For all the sites we develop, we use .htpasswd protection to stop bots and anyone without authorisation to access the staging environment. With the latest project we are working on, we are using Resrc.it to handle our responsive images.
Resrc.it works by tunneling the images through their servers, and returning the correct sized image, so the URL's for the images look like this:
http://trial.resrc.it/s=w240,pd1/o=85/http://staging.website.com/images/uploads/product/images/image.jpg
The issue is that .htpasswd is blocking access so Resrc.it can't grab the images, I have tried adding trial.resrc.it to one of the domains allowed through but it's not working. This is my code so far:
SetEnvIf HOST "^(www\.)?website.local" dev
SetEnvIf HOST "^(www\.)?website.com" live
SetEnvIf HOST "^(www\.)?trial.resrc.it" resrcit
Order Deny,Allow
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/website/staging/.htpasswd
AuthGroupFile /dev/null
require valid-user
Deny from all
Allow from env=live
Allow from env=dev
Allow from env=resrcit
Satisfy any
I've seen numerous topics. with .htaccess excluding files or IP's but I just can't seem to fit it together.
I want to lock down our development server for the outside world. All (sub)domains on this server should be handled with one file.
All visitors (clients) have to login
Except inside our office
Allow 1 file for everybody. Because someone used it as the source of an email signature...
I can get 2 out of 3 to work but not a combination of all 3.
This .htaccess is located in /home/user/domains/.htaccess
Individual websites also have their own .htaccess in their webroot /home/user/domains/example.com/public_html/.htaccess these websites are mostly WordPress or Magento. And so are there .htacess files
Overview of the structure
/home/user/.htaccess #the file I've put the code.
/home/user/domains/wordpress.example.com/public_html/.htaccess
/home/user/domains/magento.example.com/public_html/.htaccess
/home/user/domains/example.com/public_html/.htaccess
/home/user/domains/anotherwp.example.com/public_html/.htaccess
The file I use
AuthName "You shall not pass"
AuthUserFile /home/user/domains/.htpasswd
AuthType Basic
Require valid-user
Order Deny,Allow
#doens't work for some reason
Allow from xxx.xxx.xxx.xxx #Office IP
#This execption is here because some smartass included this in an email signature
<Files "email_logo.jpg">
Allow from all
Satisfy any
</Files>
Who can help me out?
Here is how you can do all 3 requirements using mod_setnenvif:
SetEnvIf Remote_Addr ^192\.168\.0\. ALLOWED
SetEnvIfNoCase Request_URI "email_logo\.jpg" ALLOWED
AuthName "You shall not pass"
AuthUserFile /home/user/domains/.htpasswd
AuthType Basic
Require valid-user
Satisfy any
Order deny,allow
Deny from All
Allow from env=ALLOWED
I've this .htaccess to protect a subdomain.
AuthType Basic
AuthUserFile /home/xxx/dev.xxx.com/.htpasswd
AuthName "Dev"
require valid-user
How can I exclude only one file from this protection.
Then this file could be accesible without password protection
You can do this with a Satisfy Any and a special Allow that lets certain requests through without a password check. So in your htaccess file:
SetEnvIf Request_URI ^/protected-dir/no_protect_file.php norequire_auth=true
# Auth stuff
AuthUserFile /home/xxx/dev.xxx.com/.htpasswd
AuthName "Dev"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=norequire_auth
If a request is made for http://your.domain.com/protected-dir/no_protect_file.php, the SetEnvIf matches and the norequire_auth environment variable is set. The auth part checks for it to allow it to pass through without requiring a password.
You could create a new directory outside the password protected one and create a symlink to the file you want to be unprotected and distribute the URL to the non-protected library instead of the protected one.
I am using a wildcard dns system that routes all subdomains through a single web app and sets a userid based on the first part of the URL (X.domain.com where X is the username).
I now want to edit my htaccess file to enable conditional httpauth using htpasswd for specific domains. e.g. if url = password.domain.com the enable httpauth.
I'm sure this is possible but have limited knowledge of htaccess.
You can use SetEnvIf, here's a snippet from this post by Tom Schlick.
#allows a single uri through the .htaccess password protection
SetEnvIf Request_URI "/testing_uri$" test_uri
#allows everything if its on a certain host
SetEnvIf HOST "^testing.yoursite.com" testing_url
SetEnvIf HOST "^yoursite.com" live_url
Order Deny,Allow
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
AuthGroupFile /
Require valid-user
#Allow valid-user
Deny from all
Allow from env=test_uri
Allow from env=testing_url
Allow from env=live_url
Satisfy any