
How to make Basic Auth exclude a rewritten URL

I have a Basic Authentication setup on a development server. It is set up inside my httpd.conf file for the VirtualHost of the website. I've had to set it up to exclude certain directories, which has caused no problems and all works fine.

The issue has been with excluding a URL that has been through my mod_rewrite rules in the .htaccess file. My setup is that I have all URLs going through my index.php file and from there the relevant code is found and run. I tried adding the URL that I wanted to exclude (/businesses/upload_logo) like I did the others, but it still requires authentication. This is what I currently have:

...
<Location />
    SetEnvIf Request_URI "/businesses/upload_logo" noauth=1
    SetEnvIf Request_URI "/api/.*" noauth=1

    AuthType Basic
    AuthName "Private"
    AuthUserFile ****
    Require valid-user

    Order deny,allow
    Satisfy any
    Deny from all
    Allow from env=noauth
</Location>
....

I have found questions that are similar to mine here & here but the answers only give me what I'm already trying.

I have thought of possible other solutions as well, but these will be last resort things. I want to see if it's possible the way I'm currently doing it:

  • Set up the basic auth inside my php code instead
    • Too much hassle at the moment
  • Put the authentication in my .htaccess file instead
    • Didn't want to do this just yet as I only want the authentication to happen on one of 3 servers. I'm aware that I could use some more SetEnvIf HOST ... but I'm looking to see if it can be fixed this way or not first.

The mod_rewrite rule:

...

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php [L,QSA]
Josh asked Dec 19 '12 10:12


2 Answers

Try adding

Allow from env=REDIRECT_noauth
Gerben answered Sep 23 '22 18:09


For me something like this works like a charm:

<location />
        SetEnvIf Request_URI "/businesses/upload_logo" REDIRECT_noauth=1
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /etc/httpd/passwords/passwords
        Order Deny,Allow
        Satisfy any
        Deny from all
        Allow from env=REDIRECT_noauth
        Require user yournickname
</location>
bluszcz answered Sep 20 '22 18:09
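
Both answers depend on the same behaviour: when the .htaccess RewriteRule sends a request to index.php, Apache performs an internal redirect and variables set on the first pass reappear with a REDIRECT_ prefix. The block below is an added example, not code from either poster, that combines the question's config with that fix and anchors the SetEnvIf patterns; the AuthUserFile path is a placeholder.

```apache
# Added example (Apache 2.2 syntax, as used on this page).
<Location />
    # First pass: Request_URI is the path the client asked for.
    # Patterns are anchored so only these paths match, not every URI
    # that merely contains "/businesses/upload_logo" or "/api/".
    SetEnvIf Request_URI "^/businesses/upload_logo$" noauth=1
    SetEnvIf Request_URI "^/api/" noauth=1

    AuthType Basic
    AuthName "Private"
    # Placeholder path: substitute the real password file.
    AuthUserFile /path/to/htpasswd
    Require valid-user

    Order deny,allow
    Satisfy any
    Deny from all

    # Requests served without a rewrite (an existing file or directory).
    Allow from env=noauth

    # Requests rewritten to index.php: after the internal redirect
    # Request_URI is /index.php, so SetEnvIf no longer matches, and the
    # variable set on the first pass is carried over as REDIRECT_noauth.
    Allow from env=REDIRECT_noauth
</Location>
```

On Apache 2.4 the same policy is written with `Require env noauth`, `Require env REDIRECT_noauth` and `Require valid-user` inside a `<RequireAny>` block.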