I need a password protection for a single site. This is a seo friendly url:
The default path is:
http://www.website-url.com/index.php?id_cms=xx&controller=cms
and here is the seo url:
http://www.website-url.com/content/xx-login
I have already the .htaccess and .htpasswd, but how to specify rewriting in .htaccess only for this url? I tried this:
<filesMatch "http://www.website-url.com/content/xx-login">
IndexIgnore .htaccess .htpasswd
AuthUserFile /absolut_path/.htpasswd
AuthName "Login"
AuthType Basic
require valid-user
</filesMatch>
I'm using Prestashop.
FilesMatch doesn't work that way, you could try using SetEnvIf to bypass the Auth unless the URI is something specific (which is what I gather you are trying to do):
IndexIgnore .htaccess .htpasswd
SetEnvIfNoCase Request_URI "^/content/xx-login" SECURED
# enforce auth if SECURED
AuthType Basic
AuthName "Login"
AuthUserFile /absolut_path/.htpasswd
Require valid-user
Order allow,deny
Allow from env=!SECURED
Satisfy any
Related
Im trying to password protect index.php (or html) file only but can't manage. Subfolders need to be accessed without password...
Something like...
<Files "/var/www/clientarea/index.php">
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
</Files>
Try this code:
SetEnvIfNoCase Request_URI "^/index\.(php|html?)" SECURED
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED
Following situation:
I wish to redirect all IP adresses (but NOT two fixed ones) if accessing the www.mydomain.tld/SubFolder1/ on my apache to www.mydomain.tld
Offen basic authentication for the www.mydomain.tld/SubFolder1/ with differen usernames
any idea how to do that?
I tried to use one htaccess file where i added some redirection rules and the basic auth stuff. But I never got the redirection rules to work correctly. Seamed the auth stuff is overwriting the redirection rules. Could that be?
I use the following code for the Authentication
AuthName "Restricted"
AuthType Basic
AuthUserFile //is/htdocs/www/subfolder1/.htpasswd
AuthGroupFile /dev/null
require valid-user
You can use this code in your DOCUMENT_ROOT/SubFolder1/.htaccess file:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(192\.168\.0\.10|192\.168\.0\.20)$
RewriteRule ^$ http://www.mydomain.tld/ [L,R]
SetEnvIf Remote_Addr ^(192\.168\.0\.10|192\.168\.0\.20)$ DOAUTH
AuthName "Restricted"
AuthType Basic
AuthUserFile //is/htdocs/www/subfolder1/.htpasswd
AuthGroupFile /dev/null
require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=DOAUTH
SetEnvIf is needed because mod_auth runs before mod_rewrite hence env set by mod_rewrite cannot be used mod_auth.
I need to protect all http://domain.com with AuthType Basic, but leave http://domain.com/foo/bar
(http://domain.com/foo/bar is a rewrite url, not a folder)
I read about location tag but it not work in htaccess file :(.
RewriteCond %{REQUEST_URI} !^(foo/bar)
-- protect howsoever you want --
I found the answer:
SetEnvIfNoCase REQUEST_URI "/foo/bar" ExcludePath
AuthName "SiteName Administration"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from env=ExcludePath
Satisfy Any
I'm trying to prevent access to all files but ONE using .htaccess, in this way but it does not work.
<Files accessibleFile.php>
allow from all
</Files>
<Filesmatch "^((?!accessibleFile\.php).)*$">
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Access"
AuthType Basic
</Filesmatch>
<Limit GET POST>
require valid-user
</Limit>
Any one can help?
Added: I still want to have logged access to the other files.
This is enough:
Deny from all
<Files "allowed.php">
Allow from all
</Files>
Also note that your <Limit GET POST> directive makes your site vulnerable to HTTP Verb Tampering.
Put the file in a seperate folder and secure this folder using .htaccess and .htpasswd
Here you go
(Apache 2.2, minor modification on the Allow+Satisfy needed for Apache 2.4+):
AuthType Basic
AuthGroupFile /dev/null
AuthName "please log in"
AuthUserFile /is/htdocs/foo/.htpasswd
require user Mike
<FilesMatch "(admin-ajax.php|info.jpg)">
Allow from all
Satisfy any
</FilesMatch>
How do I write a RewriteRule for htaccess to block access to php/html (unless authenticated) and allow access to all other extensions?
You should be able to put a standard .htpassword auth inside a filesmatch attribute...
So...
<FilesMatch "\.(html|php)$">
AuthName "Private zone"
AuthType Basic
AuthUserFile .htpasswd
require valid-user
</FilesMatch>
That should cause any request to .html or .php to ask for a password, you must generate a valid .htpasswd file...