Is it possible to password protect a virtual directory (such as a wordpress category):
/c/sofas/
It looks like <Location /c/sofas/> would work in httpd_config, but not .htaccess
Is it possible? Possibly with a mod_rewrite somewhere?
Password protect a virtual directory? - .htpasswd/.htaccess
AFAIK no, but it wouldn't really make sense, either - seeing as an attacker could simply figure out the real URL behind the rewritten one, and access that. (Perhaps if you edit in your exact use case, somebody can come up with an alternative solution) –
Springlet
Check out #12204489 –
Circulate
Pekka -- the example below is a perfect example, which James Holwell also linked to. It's in a WordPress-like system -- there is no way they can access the content accept on that URL. –
Proustite
Unfortunately <Location> directive isn't allowed in .htaccess.
But there is an alternate neat solution using mod_setenvif.
# set env variable SECURED if current URI is /c/sofas/
SetEnvIfNoCase Request_URI "^/c/sofas/" SECURED
# invoke basic auth is SECURED is set
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /full/path/to/passwords
Require valid-user
Satisfy any
Order allow,deny
Allow from all
Deny from env=SECURED
I was just alerted that there's a strange bug. If you hit "Cancel" it still loads the page. Do you know anyway to prevent that from happening? –
Proustite
Ok let me try to reproduce it. –
Clearwing
Sorry I had the
allow,deny reversed. Try it now. –
Clearwing Working now, thanks! I should really read more about the area. –
Proustite
Spoke to soon -- it applied it to the whole website. –
Proustite
I have tested it again and again and didn't find any problem. Auth dialog is shown only for a particular
/c/sofas/ URLs. –
Clearwing I am guessing it has to do with something else -- this still seems to be the right answer. Thank you –
Proustite
© 2022 - 2024 — McMap. All rights reserved.