Clever Geek Handbook

.htaccess authentication with friendly url

I am trying to set up a .htaccess file to enable Basic Authentication on our development website.

I want authentication to work for my entire site, but for a specific URL. We use a friendly URL on our site.

I would also like to bypass authentication for certain file types like png, css, etc.

What I have so far looks like this:

SetEnvIfNoCase Request_URI ^/upload/ NO_AUTH
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/.htpasswd
Require valid-user
Satisfy  any
Order deny,allow
Deny from all
Allow from env=NO_AUTH
<FilesMatch "\.(gif|jpe?g|png|css|js|swf)$">
    Satisfy Any
</FilesMatch>

Authentication works fine, but SetEnvIfNoCase

doesn't seem to work because I'm still asking for authentication when navigating to the friendly URL '/ upload /'. Part FilesMatch

doesn't work either.

Can anyone help me?

Thank!

+3


source to share


1 answer


There you need 2 questions.

  • The container <FilesMatch>

    does nothing. You already have one Satisfy Any

    . You must add these extensions to a separateSetEnvIfNoCase

  • When you use rewrite rules that rewrite /upload/

    you need to include both the "friendly" URI as well as the rewritten URI, since the auth module is applied every step of the way (obviously since it's really too bad to bypass authentication by rewriting / aliases). This means, for example, if you have this rule:

    RewriteRule ^upload/(.*)$ /upload_script.php?file=$1 [L]

Then you need to have a NO_AUTH line for both /upload/

and /upload_script.php

:

SetEnvIfNoCase Request_URI ^/upload/ NO_AUTH
SetEnvIfNoCase Request_URI ^/upload_script.php NO_AUTH

Then, to turn to # 1:

SetEnvIfNoCase Request_URI \.(gif|jpe?g|png|css|js|swf)$ NO_AUTH

So an example sentence:



something you can try is to add a rule (similar to the example above RewriteRule

), direct /upload/

to an intermediate script other than index.php

, and then from the intermediate script, call index.php

.

So, using the above example /upload_script.php

, you should add this before any of your rules:

RewriteRule ^upload/ /upload_script.php [L]

So it looks something like this:

RewriteEngine On 

RewriteRule ^upload/ /upload_script.php [L]

RewriteCond %{REQUEST_FILENAME} -s [OR] 
RewriteCond %{REQUEST_FILENAME} -l [OR] 
RewriteCond %{REQUEST_FILENAME} -d 
RewriteRule ^.*$ - [NC,L] 

RewriteRule ^.*$ index.php [NC,L]

Then you create a script called upload_script.php

which will have something like:

<?php
  include_once "index.php";
?>

You can dump the array first $_SERVER['']

to see if everything is set to what Zend expects index.php

.

+1


source






More articles:


All Articles