Apache2 with basic auth: exclude one location from auth (weird behaviour)

Solution 1

I'm afraid you seem to have misunderstood a few Apache concepts here. The argument in a <Directory> block is a full file system path, not one relative to the server root. You should never really change the <Directory /> block from the default. You do not need to change it for your configuration to work.

The argument to a <Location> block is relative to the server root. So you just need two of these blocks to achieve what you wish.

<Location "/assets/upload">
    Order deny,allow
    Allow from all
    Satisfy any
</Location>

<Location "/">
    AuthType Basic
    AuthName "Staging"
    AuthUserFile /var/.../.htpasswd
    AuthGroupFile /dev/null
    Require valid-user
</Location>

You should have a single <Directory /> block in the global/server context (i.e. not inside any vhost) and it should be something like this.

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
</Directory>

Solution 2

In the /assets/upload directory, put another .htaccess file with these contents;

Allow from all
Satisfy any

This will override the more general settings of the file in the directory above it, and serve assets without requiring authorization.

Related videos on Youtube

06 : 05

Automating Basic Auth Reporting

Nick Ross

590

02 : 25

How to configure basic authentication in Apache httpd

Zariga Tongy

24

04 : 42

Apache – add basic auth to a location or directory

Webucator

6

05 : 32

How to Password Protect Apache with Basic Authentication

Tony Teaches Tech

5

03 : 03

Apache2 with basic auth: exclude one location from auth (weird behaviour) (2 Solutions!!)

Roel Van de Paar

3

Author by

mplattner

Updated on September 18, 2022