.htaccess authentication with friendly url
I am trying to set up a .htaccess file to enable Basic Authentication on our development website.
I want authentication to work for my entire site, but for a specific URL. We use a friendly URL on our site.
I would also like to bypass authentication for certain file types like png, css, etc.
What I have so far looks like this:
SetEnvIfNoCase Request_URI ^/upload/ NO_AUTH
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/.htpasswd
Require valid-user
Satisfy any
Order deny,allow
Deny from all
Allow from env=NO_AUTH
<FilesMatch "\.(gif|jpe?g|png|css|js|swf)$">
Satisfy Any
</FilesMatch>
Authentication works fine, but SetEnvIfNoCase
doesn't seem to work because I'm still asking for authentication when navigating to the friendly URL '/ upload /'. Part FilesMatch
doesn't work either.
Can anyone help me?
Thank!
source to share
There you need 2 questions.
-
The container
<FilesMatch>
does nothing. You already have oneSatisfy Any
. You must add these extensions to a separateSetEnvIfNoCase
-
When you use rewrite rules that rewrite
/upload/
you need to include both the "friendly" URI as well as the rewritten URI, since the auth module is applied every step of the way (obviously since it's really too bad to bypass authentication by rewriting / aliases). This means, for example, if you have this rule:RewriteRule ^upload/(.*)$ /upload_script.php?file=$1 [L]
Then you need to have a NO_AUTH line for both /upload/
and /upload_script.php
:
SetEnvIfNoCase Request_URI ^/upload/ NO_AUTH
SetEnvIfNoCase Request_URI ^/upload_script.php NO_AUTH
Then, to turn to # 1:
SetEnvIfNoCase Request_URI \.(gif|jpe?g|png|css|js|swf)$ NO_AUTH
So an example sentence:
something you can try is to add a rule (similar to the example above
RewriteRule
), direct/upload/
to an intermediate script other thanindex.php
, and then from the intermediate script, callindex.php
.
So, using the above example /upload_script.php
, you should add this before any of your rules:
RewriteRule ^upload/ /upload_script.php [L]
So it looks something like this:
RewriteEngine On
RewriteRule ^upload/ /upload_script.php [L]
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
Then you create a script called upload_script.php
which will have something like:
<?php
include_once "index.php";
?>
You can dump the array first $_SERVER['']
to see if everything is set to what Zend expects index.php
.
source to share