htaccess - How to use Basic Authentication for everything but one URL?
This is a discussion on htaccess - How to use Basic Authentication for everything but one URL? within the Linux Web Servers forums, part of the Web Server and Related Forums category; Hi, I can't seem to figure this out. Here's what I'm trying so far in my htaccess ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
01-14-2007
|
|||
|
|||
htaccess - How to use Basic Authentication for everything but one URL?
Hi,
I can't seem to figure this out. Here's what I'm trying so far in my htaccess file but I still get prompted for a password when I visit the url I want to be openly available. Please help. AuthName "ideaspace" AuthType Basic AuthUserFile /private/.htpasswd require valid-user <files ".htaccess"> order allow,deny deny from all </files> <FilesMatch "/index.php?title=Special:Recentchanges&feed=rss"> allow from all </FilesMatch> |
|
01-17-2007
|
|||
|
|||
|
Re: htaccess - How to use Basic Authentication for everything but one URL?
Am 13 Jan 2007 16:52:31 -0800 schrieb gregpinero@gmail.com:
> Hi, > > I can't seem to figure this out. Here's what I'm trying so far in my > htaccess file but I still get prompted for a password when I visit the > url I want to be openly available. Please help. > > AuthName "ideaspace" > AuthType Basic > AuthUserFile /private/.htpasswd > require valid-user > > <files ".htaccess"> > order allow,deny > deny from all > </files> > > <FilesMatch "/index.php?title=Special:Recentchanges&feed=rss"> > allow from all > </FilesMatch> I think you can't match against the QUERY_STRING using <FilesMatch>. To do access control in respect of the QUERY_STRING you can use a combination of RewriteRules to set a special environment variable and the "allow from env=" Feature. Read the docs to fix any errors in the following configuration example. *g* RewriteEngine On RewriteCond %{QUERY_STRING} ^title=Special:Recentchanges&feed=rss$ RewriteRule index.php - [E=ALLOW_RSS_FEED:1] <Files index.php> Satisfy Any Order Allow,Deny Allow from env=ALLOW_RSS_FEED </Files> hth, ..max |
|
01-17-2007
|
|||
|
|||
|
Re: htaccess - How to use Basic Authentication for everything but one URL?
Max Dittrich wrote:
> I think you can't match against the QUERY_STRING using <FilesMatch>. To do > access control in respect of the QUERY_STRING you can use a combination of > RewriteRules to set a special environment variable and the "allow from > env=" Feature. > > Read the docs to fix any errors in the following configuration example. *g* > > RewriteEngine On > RewriteCond %{QUERY_STRING} ^title=Special:Recentchanges&feed=rss$ > RewriteRule index.php - [E=ALLOW_RSS_FEED:1] > > <Files index.php> > Satisfy Any > > Order Allow,Deny > Allow from env=ALLOW_RSS_FEED > </Files> > > > hth, Thanks, .max. That looks like a promising start. For this case I ended up figuring out how to just lock down every page of my MediaWiki installation except for that page: http://meta.wikimedia.org/wiki/Preventing_Access Another idea that I didn't realize is that I heard one can put the username and password into the URL when using basic authentication? That would have worked in this case too. But in any case, it's very good to know how to do this. -Greg |
Linear Mode
