Exclusion of a protected sub-url does not work on Apache 2.4?
6,901
as "lain" pointed out the apache 2.4 Auth/Access control stuff has changed since 2.2. So I needed to modify it as follows:
AuthType Basic
AuthName 'Authentication required'
AuthUserFile /var/www/vhosts/pwd/.htpasswd
# Allow access to excluded directories
SetEnvIf Request_URI /shop/api noauth=1
<RequireAny>
Require env noauth
Require env REDIRECT_noauth
Require valid-user
</RequireAny>
In addition I had to add Require env REDIRECT_noauth
because PHP is using some redirect and this keeps the env variable noauth
set
Related videos on Youtube
Author by
megloff
Updated on September 18, 2022Comments
-
megloff almost 2 years
I try to exclude a sub-url "/shop/api" from my protected website. It worked fine on different server on Apache/2.2.15 but now not with Apache/2.4.7? It always asks for the basic authentication. Any Idea what I did wrong?
AuthType Basic AuthName 'Authentication required' AuthUserFile /var/www/vhosts/pwd/.htpasswd # Allow access to excluded diretories SetEnvIf Request_URI ^/shop/api/ noauth=1 Order deny,allow Satisfy any Deny from all Require valid-user Allow from env=noauth
-
Jenny D almost 9 yearsI am not clear on what you want to happen. Is your goal to have all directories protected by basic auth, with the exception of
/shop/api
which should allow anybody in without authentication? -
megloff almost 9 yearsyes exactly on
/shop/api
is running a php app which uses their own custom authentication -
user9517 almost 9 yearsThe Auth/Access control stuff has been changed considerably in 2.4 you'll need to re-engineer your configuration.
-
-
Volvox about 6 yearsMagic! After 3 days of trying to config this,
Require env REDIRECT_noauth
did the trick. Thanks! -
Tom over 4 yearsAfter trying a million solutions on the internet, this one worked. Thank you.