6

I need to setup apache to inverse match /admin location which is rewritten by default drupal htacess file. Simply ask for http auth for everything that is not /admin/*

I've tried this so far: 

   < LocationMatch "^/(?!admin)" >

    AuthName "Members Only"
    AuthType Basic
    AuthBasicProvider file
    AuthUserFile /path/to/.htpasswd
    Require valid-user

    < /LocationMatch >

Improve this question

1 Answer 1

Reset to default
1

You can try using a SetEnvIf to check Request_URI for /admin, so you should end up with something like this:

# Set an environment variable if requesting /admin
SetEnvIf Request_URI ^/admin/? DONT_NEED_AUTH=true

# Setup your auth mechanism
AuthName "Members Only"
AuthType Basic
AuthBasicProvider file
AuthUserFile /path/to/.htpasswd

# Set the allow/deny order
Order Deny,Allow

# Indicate that any of the following will satisfy the Deny/Allow
Satisfy any

# First off, deny from all
Deny from all

# Allow outright if this environment variable is set
Allow from env=DONT_NEED_AUTH

# or require a valid user
Require valid-user

You may need to wrap that in the appropriate or tags if you are not putting this inside a .htaccess file.

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

i tried these inside Directory tags for my /var/www, resulting in requiring auth for every request
Have you tried replacing the /admin with what Drupal rewrites to? I'm not sure what module order takes precedence, mod-setenv or mod-rewrite
<pre> SetEnvIf Request_URI "^/admin/?$" do_auth=1 AuthName "Members Only" AuthType Basic AuthBasicProvider file AuthUserFile /path/to/.htpasswd Require valid-user Order Allow,Deny Allow from all Deny from env=do_auth Satisfy Any </pre> works, but i am unable to reverse it, thats what i need
What I posted works in my .htaccess, any request starting with /admin won't get authenticated, everything else will require authentication. That's what you mean by Simply ask for http auth for everything that is not /admin/, right?
If that's not the case and I read your question wrong, then use what I have except change the line Allow from env=DONT_NEED_AUTH to Allow from env=!DONT_NEED_AUTH
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.