I want to ignore folders on my website, but as I often create subfolders on it, I want to ignore subfolders too.
Here's my .htaccess :
AuthType Basic
AuthName "Auth Required"
AuthUserFile ".htpasswd location"
Require valid-user
SetEnvIf Request_URI "(folder I want to ignore for everyone)$" allow
Order allow,deny
Allow from env=allow
# allow open access to entire site for those IPs:
allow from xx.xx.xxx.xx.xxx
Satisfy any
When I go to a subfolder, it keep asking for a login and password, but when I click on "Cancel" to cancel that login, everything goes fine and no other box is shown.
All I want is to not have this box shown.
Thanks !
.htaccess settings ALWAYS affects subfolders unless you override it with another .htaccess which would change the behaviour set in parent folder's .htaccess
Related
I protected an entire Wordpress site with an .htaccess in the /var/www/html direction containing the following regular authentication:
AuthName "Restricted Admin-Area"
AuthType Basic
AuthUserFile /var/www/html/.htpasswd
Require valid-user
However, now my boss asks me to unprotect just one page of the Wordpress site (specifically /subscription):
When we access www.site.com/subscription : no authentication is asked
When we access the rest of www.site.com : an authentication is asked
So I added the following as an exclusion:
SetEnvIf Request_URI "(subscription/)$" allow
SetEnvIf Request_URI "(subscription)$" allow
Order allow,deny
Allow from env=allow
Satisfy any
The problem though, is that for this exclusion to work, the subscription/ directory must exist "physically" on the server.
But it is a Wordpress page, generated automatically following index.php contained in the Wordpress database.
Therefore, the exclusion does not work and I'm asked an authentication when accessing this page.
I've looked for hours and tried to modify tons of things (even creating a subscription2/ directory pointing to subscription), but nothing worked.
Please can you help?
Thank you!
I have a website made with WordPress and I want to make two different htaccess logins for two template files. Is this possible?
I have this next code for one of the templates but I want to do the same thing for the second template, only with different username and password.
The templates are located in the same directory and the .htaccess, .htpasswd files are in the root of the website.
I tried user username instead of valid-user, made a different directory in public_html for another .htpasswd file with the password and username for the second file. Nothing worked as it should.
The code:
SetEnvIf Request_URI /colaborators/$ require_auth=true
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/my_whole_path/public_html/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
I will answer my own question, maybe this will help someone:
In my case, I had the .htaccess and .htpasswd files outside WordPress, in the root directory. What I had to do to make my second page .htaccess protected with different user and password than the first one:
I made a new directory in the root folder, inside it I created another .htaccess file and a new .htpasswd, plus my page (called it index.php).
SetEnvIf Request_URI /test/$ require_auth=true
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /home/my_whole_path/public_html/new_directory/.htpasswd
Require valid-user
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
In index.php I loaded WordPress with a require_once 'wp-load.php', the header.php and the rest of the page code.
And that's all.
Hope will help.
I use .htaccess to ask for credentials to access members only data. The .htaccess file is stored in one of the directories and protects everything in directories below it. The .htaccess file itself is very simple:
AuthName "Members Area"
AuthType Basic
AuthUserFile /home/xxxxx/public_html/xxx/data/.htpasswd
require valid-user
Problem is, when we moved to a new server (and built the new website within that directory using WordPress), the Authentication Box now comes up twice and requires users to enter the same correct login information both times.
I've read in other strings here about trailing /, but since I don't have a redirect or anything else in my .htaccess, I'm not quite sure what to do.
Anybody have any suggestions on a workaround or rewrite?
This is most likely because you're running an https redirect (or another redirect) inside another .htaccess file. So it is asking for the authentication once in http, and once in https. If you do this:
<If "%{HTTPS} == 'on'">
AuthType Basic
AuthName "Password Area"
AuthUserFile "/yourdirectory/.htpasswd"
<IfVersion >= 2.4>
AuthMerging And
</IfVersion>
Require valid-user
</If>
then it will only ask for the password once the redirect has happened. Otherwise, get rid of the second redirect.
We have a PHP site:
site.com
We want all subpaths from the root to require basic authentication. e.g.
site.com - no authentication required
site.com/subpath requires authentication
We have this directive:
<LocationMatch "^/.+$">
AuthName "members Only"
AuthType Basic
AuthBasicProvider file
AuthUserFile /Applications/MAMP/conf/apache/extra/auth-pass-file
Require valid-user
</LocationMatch>
However it is asking for a password when we go to http://site.com/ or http://site.com.
Can someone suggest a solution so that authorization only is asked for sub paths?
<LocationMatch "^/.*/.+$"> should work. Your LocationMatch is actually selecting everything in the root directory, you need to go one level down.
We added specific directories to check (ones that exist) and created an error redirect when people tried to fish for non-existent pages.
Because authz rules are applied not only to the actually-requested /, but also to what that expands to -- such as /index.html
You need to allow that separately, unfortunately...
I need to password protect a directory with .htaccess, which I have successfully done. But the front end of the website was programmed to link to images within this password protected directory (not by me), but when a webpage tries to access those images it prompts the user to login.
Is it possible to password protect that directory, but allow any access to any image file type like *.jpg and *.gif?
My current .htaccess code is this:
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
Thanks for any help!
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
<FilesMatch "\.(png|jpe?g|gif)$">
Satisfy Any
Allow from all
</FilesMatch>
Edit to incorporate Shef's improvement
You could check all the different options of configuration .htaccess gives you in the following site:
Stupid htaccess Tricks
Did you try put it inside Filematch?
<FilesMatch "^.*(png|jpe?g|gif)$">
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
</FilesMatch>
What you could try is to write an image display proxy:
Keep the directory like you have it now, with password protection.
On the .htaccess on the root of the website where the images are linked, add a Rewrite rule for those image types you want. This rule should redirect the call to a PHP handler script.
That script should evaluate the path that was being requested, load the file from the filesystem, deduct its header and send that to the client using header(), followed by the image file's content echo file_get_contents()should do.
PHP is not affected by the .htaccess so it should be able to read the file you need and proxy it to the end user.