I'm trying to password protect the index.php (or html) file only, but can't manage. Subfolders need to be accessed without a password...
Something like...
<Files "/var/www/clientarea/index.php">
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
</Files>
Try this code:
SetEnvIfNoCase Request_URI "^/index\.(php|html?)" SECURED
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED
I need a password protection for a single site. This is a seo friendly url:
The default path is:
http://www.website-url.com/index.php?id_cms=xx&controller=cms
and here is the seo url:
http://www.website-url.com/content/xx-login
I have already the .htaccess and .htpasswd, but how to specify rewriting in .htaccess only for this url? I tried this:
<filesMatch "http://www.website-url.com/content/xx-login">
IndexIgnore .htaccess .htpasswd
AuthUserFile /absolut_path/.htpasswd
AuthName "Login"
AuthType Basic
require valid-user
</filesMatch>
I'm using Prestashop.
FilesMatch doesn't work that way, you could try using SetEnvIf to bypass the Auth unless the URI is something specific (which is what I gather you are trying to do):
IndexIgnore .htaccess .htpasswd
SetEnvIfNoCase Request_URI "^/content/xx-login" SECURED
# enforce auth if SECURED
AuthType Basic
AuthName "Login"
AuthUserFile /absolut_path/.htpasswd
Require valid-user
Order allow,deny
Allow from env=!SECURED
Satisfy any
I am trying to protect an index.php page of a subfolder with .htaccess.
The protection works as expected when I navigate to example.com/subfolder/index.php. However, when I just go to example.com/subfolder I get a 401 error.
Here is the relevant .htaccess code:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
<files index.php>
require valid-user
</files>
What do I need to do differently?
You should put a new .htaccess file in the subfolder directory with just the following in it:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
require valid-user
That will password protect the entire directory.
I need to protect all http://domain.com with AuthType Basic, but leave http://domain.com/foo/bar
(http://domain.com/foo/bar is a rewrite url, not a folder)
I read about the Location tag, but it does not work in an .htaccess file :(.
RewriteCond %{REQUEST_URI} !^(foo/bar)
-- protect howsoever you want --
I found the answer:
SetEnvIfNoCase REQUEST_URI "/foo/bar" ExcludePath
AuthName "SiteName Administration"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from env=ExcludePath
Satisfy Any
I'm trying to prevent access to all files but ONE using .htaccess, in this way but it does not work.
<Files accessibleFile.php>
allow from all
</Files>
<Filesmatch "^((?!accessibleFile\.php).)*$">
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Access"
AuthType Basic
</Filesmatch>
<Limit GET POST>
require valid-user
</Limit>
Can anyone help?
Added: I still want to have logged access to the other files.
This is enough:
Deny from all
<Files "allowed.php">
Allow from all
</Files>
Also note that your <Limit GET POST> directive makes your site vulnerable to HTTP Verb Tampering.
Put the file in a separate folder and secure this folder using .htaccess and .htpasswd.
Here you go
(Apache 2.2, minor modification on the Allow+Satisfy needed for Apache 2.4+):
AuthType Basic
AuthGroupFile /dev/null
AuthName "please log in"
AuthUserFile /is/htdocs/foo/.htpasswd
require user Mike
<FilesMatch "^(admin-ajax\.php|info\.jpg)$">
Allow from all
Satisfy any
</FilesMatch>
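The same policy written for Apache 2.4, where Require from mod_authz_core replaces Order/Allow/Deny/Satisfy. This is an added example, not part of the original answer. It reuses the paths, user name and the /foo/bar and ExcludePath names from the answers on this page, and the anchored file pattern is an assumption about which files are meant.

```apache
# Apache 2.4 (mod_authz_core); replaces Order/Allow/Deny/Satisfy from 2.2.
AuthType Basic
AuthName "please log in"
AuthUserFile /is/htdocs/foo/.htpasswd

# Mark URL paths that must stay public. /foo/bar is the rewritten URL from
# the earlier question; SetEnvIf sees the requested path, not a file name.
SetEnvIfNoCase Request_URI "^/foo/bar" ExcludePath

# Grant access if ANY line matches; everything else needs the login.
<RequireAny>
    Require env ExcludePath
    # After an internal rewrite the variable is renamed with a REDIRECT_ prefix.
    Require env REDIRECT_ExcludePath
    Require user Mike
</RequireAny>

# Real files that stay public. Authorization in a more specific section
# replaces the block above (AuthMerging defaults to Off).
# Anchored, with dots escaped, so only these two file names match.
<FilesMatch "^(admin-ajax\.php|info\.jpg)$">
    Require all granted
</FilesMatch>
```

Request the public path and a protected one without credentials (expect 200 and 401 respectively) before relying on it.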
How do I write a RewriteRule for htaccess to block access to php/html (unless authenticated) and allow access to all other extensions?
You should be able to put a standard .htpasswd auth inside a filesmatch attribute...
So...
<FilesMatch "\.(html|php)$">
AuthName "Private zone"
AuthType Basic
AuthUserFile .htpasswd
require valid-user
</FilesMatch>
That should cause any request to .html or .php to ask for a password, you must generate a valid .htpasswd file...