Menu
I need to exclude one Url (or even better one prefix) from normal htaccess Basic Auth protection. Something like /callbacks/myBank or /callbacks/.* Do you have any hints how to do it?
What I'm not looking for is how to exclude a file. This has to be url (as this is solution based on PHP framework, and all urls are redirected with mod_rewrite to index.php). So there is no file under this URL. Nothing.
Some of those urls are just callbacks from other services (No IP is not known so I cannot exclude based on IP) and they cannot prompt for User / Password.
Current definition is as simple as:
AuthName "Please login." AuthGroupFile /dev/null AuthType Basic AuthUserFile /xxx/.htpasswd require valid-user 
718
Using SetEnvIf, you can create a variable when the request starts with some path, then use the Satisfy Any directive to avoid having to login.
# set an environtment variable "noauth" if the request starts with "/callbacks/" SetEnvIf Request_URI ^/callbacks/ noauth=1 # the auth block AuthName "Please login." AuthGroupFile /dev/null AuthType Basic AuthUserFile /xxx/.htpasswd # Here is where we allow/deny Order Deny,Allow Satisfy any Deny from all Require valid-user Allow from env=noauth The allow/deny chunk of directives says that deny access for EVERYONE, except when there is a valid-user (successful BASIC auth login) or if the noauth variable is set.
197
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
