I have basic authentication on a development server. It is configured inside my httpd.conf file for the VirtualHost website. I had to configure it to exclude certain directories, which did not cause any problems, and everything worked fine.
The problem was to exclude the URL that went through my mod_rewrite rules in the .htaccess file. My setup is that I have all the URLs going through my index.php file, and from there the corresponding code is found and run. I tried adding the URL that I wanted to exclude ( /businesses/upload_logo ), as I did others, but it still requires authentication. This is what I have now:
... <Location /> SetEnvIf Request_URI "/businesses/upload_logo" noauth=1 SetEnvIf Request_URI "/api/.*" noauth=1 AuthType Basic AuthName "Private" AuthUserFile **** Require valid-user Order deny,allow Satisfy any Deny from all Allow from env=noauth </Location> ....
I found questions similar to mine here and here , but the answers only give me what I'm already trying.
I also thought about possible other solutions, but this will be the last resort. I want to see if it is possible, as I do it now:
- Configure basic auth inside my php code instead
- Too much trouble at the moment
- Put authentication in my
.htaccess file- I did not want to do this yet, because I want authentication to take place on one of the 3 servers. I know that I could use a few more
SetEnvIf HOST ... but I am looking to see if this can be fixed this way or not the first.
The mod_rewrite rule:
... RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule (.*) index.php [L,QSA]
authentication apache .htaccess mod-rewrite .htpasswd
Josh Dec 19 '12 at 10:25 2012-12-19 10:25
source share