Apache2 with basic auth: exclude one location from auth (weird behaviour)
Solution 1
I'm afraid you seem to have misunderstood a few Apache concepts here. The argument in a <Directory>
block is a full file system path, not one relative to the server root. You should never really change the <Directory />
block from the default. You do not need to change it for your configuration to work.
The argument to a <Location>
block is relative to the server root. So you just need two of these blocks to achieve what you wish.
<Location "/assets/upload"> Order deny,allow Allow from all Satisfy any </Location> <Location "/"> AuthType Basic AuthName "Staging" AuthUserFile /var/.../.htpasswd AuthGroupFile /dev/null Require valid-user </Location>
You should have a single <Directory />
block in the global/server context (i.e. not inside any vhost) and it should be something like this.
<Directory /> Options FollowSymLinks AllowOverride None Order allow,deny Deny from all </Directory>
Solution 2
In the /assets/upload directory, put another .htaccess file with these contents;
Allow from all
Satisfy any
This will override the more general settings of the file in the directory above it, and serve assets without requiring authorization.
Related videos on Youtube
![mplattner](https://i.stack.imgur.com/ZuVVj.jpg?s=256&g=1)
mplattner
Updated on September 18, 2022Comments
-
mplattner almost 2 years
I have basic auth set for Directory / and want to exclude Location /assets/upload, but it just won't work, I have tried several options and tutorials.
This Location directive clears the Directory auth config and disables basic auth for the whole website:
<Directory "/"> AuthType Basic AuthName "Staging" AuthUserFile /var/.../.htpasswd AuthGroupFile /dev/null Require valid-user </Directory> <Location "/"> Order deny,allow Allow from all Satisfy any </Location>
However, I just want /assets/upload to be without basic auth, but if I change the 1st parameter of Location to /assets/upload, the whole page, including /assets/upload is protected by basic auth...
<Location "/assets/upload"> Order deny,allow Allow from all Satisfy any </Location>
What could be wrong here?
Version: Apache/2.2.16 (Debian)
-
mplattner over 11 yearsI can't put a .htaccess there as I am using the CakePHP framework - the initial request will always be to the index.php file. That's also the reason why I can't use the Directory but Location directive instead to disable auth basic for /assets/upload...
-
Stephan Richter over 7 yearssame problem here.