Password protect a specific URL

Question

The site is on shared hosting. I need to password protect a single URL.

http://www.example.com/pretty/url 

Obviously that's not a physical file path I'm trying to protect, it's just that particular URL.

Any quick solution with .htaccess?

Answer 1

You should be able to do this using the combination of mod_env and the Satisfy any directive. You can use SetEnvIf to check against the Request_URI, even if it's not a physical path. You can then check if the variable is set in an Allow statement. So either you need to log in with password, or the Allow lets you in without password:

# Do the regex check against the URI here, if match, set the "require_auth" var SetEnvIf Request_URI ^/pretty/url require_auth=true  # Auth stuff AuthUserFile /var/www/htpasswd AuthName "Password Protected" AuthType Basic  # Setup a deny/allow Order Deny,Allow # Deny from everyone Deny from all # except if either of these are satisfied Satisfy any # 1. a valid authenticated user Require valid-user # or 2. the "require_auth" var is NOT set Allow from env=!require_auth 

Answer 2

You can use <LocationMatch> or simply <Location> inside your <VirtualHost> directive to do this (assuming you have access to your httpd.conf / vhost.conf - alternatively you could put something similar in a .htaccess in your document root if you have to configure your site that way).

For example:

<VirtualHost *:80>   ServerName www.example.com   DocumentRoot /var/www/blabla   # Other usual vhost configuration here   <Location /pretty/url>     AuthUserFile /path/to/.htpasswd     AuthGroupFile /dev/null     AuthName "Password Protected"     AuthType Basic     require valid-user   </Location> </VirtualHost> 

You might find <LocationMatch> more useful if you want to match a regular expression against your pretty URL. The documentation is here.