I have .htaccess file which is using on multiple domains.
Now I have part of this code which I must run only on my development site.
Is it possible to put if / else statement in .htaccess file?
This is part of code which I must run only on dev. site
AuthType Basic
AuthName "Login required"
AuthUserFile "/var/www/dev.mysite.com/.htpasswd"
ErrorDocument 401 default
<Files "login.php">
require valid-user
</Files>
Related
I know that the question has been asked here : htaccess exclude multiple url from Basic Auth but in the answer I didn't find the solution my problem so I reask here.
I want to block access to the root of a project in with htpasswd except for api url (it's not an existing folder but an endpoint controlled by index.php).
So far here is what I use for the htaccess :
<Location />
AuthType Basic
AuthName "Auth Required"
AuthUserFile /home/user/.htpasswd
Require valid-user
SetEnvIf Request_URI "(api|oauth)$" allow
Order allow,deny
Allow from env=allow
Satisfy any
</Location>
=> the htpasswd works but it blocks /api/xxx too.
Can somebody help me to correct that ?
You can use it like this:
SetEnvIf Request_URI "/(api|oauth)(/.*)?$" allow
AuthType Basic
AuthName "Auth Required"
AuthUserFile /home/user/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=allow
Also note that the <Location> directive is not allowed in .htaccess.
I have a huge emergency here after upgrading main site to drupal 8 all my scripts in subfolders became unusable. I have following structure:
public_html
--subfolder
--subsubfolder
.htaccess -- custom file
certificate.php
index.php
.htaccess -- main Drupal8 htaccess
the custom file looks like this:
AuthType Basic
AuthName "SWARL Certificates generator"
AuthUserFile "/home/user/passwd"
require valid-user
<Files "^certificate\.php">
Allow from all
Satisfy Any
</Files>
Everything was working with drupal6 but not with drupal 8 Security is good, but how to properly setup free access to certificate.php and password protect intex.php?
weird enough the following works:
RewriteEngine On
RewriteRule !certificate.php - [F]
<Files "certificate.php">
Order Allow,Deny
Allow from all
Satisfy Any
</Files>
AuthType Basic
AuthName "SWARL Certificates generator"
AuthUserFile "/home/user/passwd"
require valid-user
I just placed both solutions simultaneously and removed slash before dot
I have the following code in my .htaccess file
AuthUserFile ./.htpasswd
AuthGroupFile /dev/null
AuthName "Dev Area One"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
This causes a 500 internal server error because Apache says it can't find the file /etc/apache2/.htpasswd. That's because the .htpasswd is in the directory /var/www/html/dev1.staging.com/public_html/.htpasswd and my .htaccess is in /var/www/html/dev1.staging.com/public_html/.htaccess.
Can I replace AuthUserFile ./.htpasswd with AuthUserFile SOMEVARIABLE+.htpasswd so that every time other team members do a git pull origin master to their dev servers, the .htaccess will properly reference the .htpasswd which should be in the same directory as the .htaccess?
This is purely for development purposes only. There are some servers (some of which are shared hosting) where we do not have file writing access to, so we don't know immediately what directory our web projects are served out of, so we don't know ahead of time the absolute directory path to the .htpasswd.
You can use shell environment variable in path to AuthUserFile by using PassEnv directive:
PassEnv HOME
AuthUserFile ${HOME}/.htpasswd
AuthGroupFile /dev/null
AuthName "Dev Area One"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
Above snippet will work only if each user stores .htpasswd directly under $HOME directory.
I have a secured website. The complete website is secured so, regardless of the page you ask, you have to enter the user/password.
I did this with this code in the htaccess
AuthUserFile /path/.htpass
AuthType Basic
AuthName "Website"
Require valid-user
Now, i want to add another authentification for a specific url. So i tried this :
SetEnvIf Request_URI ^/myurl require_auth=true
AuthUserFile /path/.htpmyrul
AuthName "Myurl"
AuthType Basic
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!require_auth
It worked for myurl, but the problem is that this code "cancelled" the first code! So now, my website only ask for authentification when i visit myurl, but if i visit any other url, the website doesn't ask for authentification
Is it possible to have both authentifications work together ?
Thanks
Well you could do this.
In the main root of your htaccess file put this.
SetEnvIf Request_URI "/myurl" require_auth
AuthUserFile /path/to/.htpasswd
AuthName "Webiste"
AuthType Basic
Require valid-user
Order Deny,Allow
Deny from all
Allow from env=require_auth
Satisfy any
Then create a htaccess file inside myurl folder and put this example inside it.
AuthUserFile /path/to/other/.htpasswd
AuthName "myurl"
AuthType Basic
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
This should allow you to use another htpasswd for your sub folder.
I have password protected my entire website using .htaccess but I would like to expose one of the sub directories so that it can be viewed without a password.
How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess syntax.
Here is my .htaccess file that is placed in the root of my ftp.
AuthName "Site Administratrion"
AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null
AuthName secure
AuthType Basic
require user username1
order allow,deny
allow from all
You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so, for up to Apache 2.3:
# allows any user to see this directory
Satisfy Any
The syntax changed in Apache 2.4, this has the same effect:
Require all granted
Adding to RageZ's answer, I used this in the Server Directives:
<Directory /var/www/protected/>
AuthType Basic
AuthName "Production"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/protected/unprotected>
Satisfy Any
</Directory>
Awesome. Thanks RageZ!
Simply create a new .htaccess in the desired subdirectory with this directive:
Allow from all
You can restrict to your IP only with :
Allow from x.x.x.x
See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html
Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:
AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user
Note: This works in Apache 2.4. I have not confirmed for earlier versions.
You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.
If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.
AuthType Basic
AuthName "Enter Pass"
AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/
Require valid-user
SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow
Order allow,deny
Allow from env=allow
Also If you want to prevent multiple directories then
add
SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow
as many time as many directories, you want to remove from htaccess prevention.