How to prevent access to all but ONE file with htaccess - .htaccess

I'm trying to prevent access to all files but ONE using .htaccess, in this way but it does not work.
<Files accessibleFile.php>
allow from all
</Files>
<Filesmatch "^((?!accessibleFile\.php).)*$">
AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName "Restricted Access"
AuthType Basic
</Filesmatch>
<Limit GET POST>
require valid-user
</Limit>
Any one can help?
Added: I still want to have logged access to the other files.

This is enough:
Deny from all
<Files "allowed.php">
Allow from all
</Files>
Also note that your <Limit GET POST> directive makes your site vulnerable to HTTP Verb Tampering.

Put the file in a seperate folder and secure this folder using .htaccess and .htpasswd

Here you go
(Apache 2.2, minor modification on the Allow+Satisfy needed for Apache 2.4+):
AuthType Basic
AuthGroupFile /dev/null
AuthName "please log in"
AuthUserFile /is/htdocs/foo/.htpasswd
require user Mike
<FilesMatch "(admin-ajax.php|info.jpg)">
Allow from all
Satisfy any
</FilesMatch>

Related

htaccess to index.php only (no subfolders, files etc)

Im trying to password protect index.php (or html) file only but can't manage. Subfolders need to be accessed without password...
Something like...
<Files "/var/www/clientarea/index.php">
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
</Files>
Try this code:
SetEnvIfNoCase Request_URI "^/index\.(php|html?)" SECURED
AuthUserFile /var/www/clientarea/.htpasswd
AuthName "Salasanasuojattu sivusto"
AuthType Basic
require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED

Password protection for a single .htaccess rewrite

I need a password protection for a single site. This is a seo friendly url:
The default path is:
http://www.website-url.com/index.php?id_cms=xx&controller=cms
and here is the seo url:
http://www.website-url.com/content/xx-login
I have already the .htaccess and .htpasswd, but how to specify rewriting in .htaccess only for this url? I tried this:
<filesMatch "http://www.website-url.com/content/xx-login">
IndexIgnore .htaccess .htpasswd
AuthUserFile /absolut_path/.htpasswd
AuthName "Login"
AuthType Basic
require valid-user
</filesMatch>
I'm using Prestashop.
FilesMatch doesn't work that way, you could try using SetEnvIf to bypass the Auth unless the URI is something specific (which is what I gather you are trying to do):
IndexIgnore .htaccess .htpasswd
SetEnvIfNoCase Request_URI "^/content/xx-login" SECURED
# enforce auth if SECURED
AuthType Basic
AuthName "Login"
AuthUserFile /absolut_path/.htpasswd
Require valid-user
Order allow,deny
Allow from env=!SECURED
Satisfy any

How do I protect index.php with .htaccess

I am trying to protect an index.php page of a subfolder with .htaccess.
The protection works as expected when I navigate to example.com/subfolder/index.php. However, when I just go to example.com/subfolder I get a 401 error.
Here is the relevant .htacess code:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
<files index.php>
require valid-user
</files>
What do I need to do differently?
You should put a new .htaccess file in the subfolder directory with just the following in it:
AuthUserFile /home/myfolder/subfolder/.htpasswd
AuthName "Please enter your password"
AuthType Basic
require valid-user
That will password protect the entire directory

htaccess protect all website but some paths

I need to protect all http://domain.com with AuthType Basic, but leave http://domain.com/foo/bar
(http://domain.com/foo/bar is a rewrite url, not a folder)
I read about location tag but it not work in htaccess file :(.
RewriteCond %{REQUEST_URI} !^(foo/bar)
-- protect howsoever you want --
I found the answer:
SetEnvIfNoCase REQUEST_URI "/foo/bar" ExcludePath
AuthName "SiteName Administration"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
Order deny,allow
Deny from all
Allow from env=ExcludePath
Satisfy Any

htaccess RewriteRule to block php/html, allow all others...?

How do I write a RewriteRule for htaccess to block access to php/html (unless authenticated) and allow access to all other extensions?
You should be able to put a standard .htpassword auth inside a filesmatch attribute...
So...
<FilesMatch "\.(html|php)$">
AuthName "Private zone"
AuthType Basic
AuthUserFile .htpasswd
require valid-user
</FilesMatch>
That should cause any request to .html or .php to ask for a password, you must generate a valid .htpasswd file...

Resources