disable http auth for specific rewritten location

About

Asked 1/12, 2011 at 8:47 Answered 1/12, 2011 at 10:16

I need to setup apache to inverse match /admin location which is rewritten by default drupal htacess file. Simply ask for http auth for everything that is not /admin/*

I've tried this so far:

   < LocationMatch "^/(?!admin)" >

    AuthName "Members Only"
    AuthType Basic
    AuthBasicProvider file
    AuthUserFile /path/to/.htpasswd
    Require valid-user

    < /LocationMatch >

Loafer answered 1/12, 2011 at 8:47 Comment(0)

You can try using a SetEnvIf to check Request_URI for /admin, so you should end up with something like this:

# Set an environment variable if requesting /admin
SetEnvIf Request_URI ^/admin/? DONT_NEED_AUTH=true

# Setup your auth mechanism
AuthName "Members Only"
AuthType Basic
AuthBasicProvider file
AuthUserFile /path/to/.htpasswd

# Set the allow/deny order
Order Deny,Allow

# Indicate that any of the following will satisfy the Deny/Allow
Satisfy any

# First off, deny from all
Deny from all

# Allow outright if this environment variable is set
Allow from env=DONT_NEED_AUTH

# or require a valid user
Require valid-user

You may need to wrap that in the appropriate or tags if you are not putting this inside a .htaccess file.

Edraedrea answered 1/12, 2011 at 10:16 Comment(9)

i tried these inside Directory tags for my /var/www, resulting in requiring auth for every request – Loafer 1/12, 2011 at 10:56

Have you tried replacing the /admin with what Drupal rewrites to? I'm not sure what module order takes precedence, mod-setenv or mod-rewrite – Edraedrea 1/12, 2011 at 11:2

<pre> SetEnvIf Request_URI "^/admin/?$" do_auth=1 AuthName "Members Only" AuthType Basic AuthBasicProvider file AuthUserFile /path/to/.htpasswd Require valid-user Order Allow,Deny Allow from all Deny from env=do_auth Satisfy Any </pre> works, but i am unable to reverse it, thats what i need – Loafer 1/12, 2011 at 12:16

What I posted works in my .htaccess, any request starting with /admin won't get authenticated, everything else will require authentication. That's what you mean by Simply ask for http auth for everything that is not /admin/, right? – Edraedrea 1/12, 2011 at 12:21

If that's not the case and I read your question wrong, then use what I have except change the line Allow from env=DONT_NEED_AUTH to Allow from env=!DONT_NEED_AUTH – Edraedrea 1/12, 2011 at 12:24

i will make a simple test without drupal in the tree i an not sure if its .htaccess is messing the things – Loafer 1/12, 2011 at 13:29

i've tested your solution on clean ubuntu install, its not working, however if i add env=!DONT_NEED_AUTH its matching admin and is asking for password for admin directory only. I also tried to craft a reverse regular expression but so far no luck also. Turning off mod_rewrite will allow everything from your suggestion to work properly with static directory /admin/. So i am facing some kind of conflict with rewrite itself. – Loafer 2/12, 2011 at 8:7

I tried this as well, and the exception on the path will not kick in. – Avisavitaminosis 17/8, 2012 at 6:55

You're a savior! – Stepson 7/3 at 9:31

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags