开发者

How to do conditional .htaccess password protect

开发者 https://www.devze.com 2023-02-15 17:21 出处:网络
I\'m trying to password protect a specific url using a .htaccess. Different urls point to the same files but have different workings. I now need to password protect only one url. I\'m trying to do thi

I'm trying to password protect a specific url using a .htaccess. Different urls point to the same files but have different workings. I now need to password protect only one url. I'm trying to do this using setenvif but it doesn't seem to work. I might开发者_运维技巧 not fully understand the purpose or use of the apache setenv module.

This is my code what doesn't seem to work

SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" protecturl
<IfDefine protecturl>
  Require valid-user
  AuthName "Please enter your name and password"
  AuthType Basic
  AuthUserFile .htpasswd
</IfDefine>


I finally figured it out. I indeed had to use the mod_rewrite engine. I was determined to have a solution which didn't involve me having to make extra files or directories.

Same files, no extra directories, one .htaccess:

# Case we are in the protected area!
RewriteCond %{REQUEST_FILENAME} index.php [OR]
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_URI} ^(\/){1}$
RewriteCond %{HTTP_HOST} ^(protected)\.mydomain\.com$
RewriteRule ^(.*)$ admin.php%{REQUEST_URI} [L]

#default rewrite
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

#only protect access to admin.php which is a symlink to index.php
<FilesMatch "admin.php">
  AuthUserFile .htpasswd
  AuthName EnterPassword
  AuthType Basic
  require valid-user
</FilesMatch>


Well, this can actually be achieved without mod_rewrite and with SetEnvIf. I needed it for dev site to test how Facebook OpenGraph tags work.

# allow facebook external hit
SetEnvIf user-agent "facebookexternalhit/1.1" allowthis
# disallow some other stuff
SetEnvIfNoCase Host "topasswordprotect\.domain\.com$" !allowthis

AuthType Basic
AuthName "dev access"
AuthUserFile .htpasswd
Require valid-user

Allow from allowthis=1
Satisfy Any

The IfDefine works on defines which are not same as environment variables.

A quote from apache docs:

The parameter-name argument is a define as given on the httpd command line via -Dparameter- , at the time the server was started.


Might not be directly possible directly but could you have another password protected directory which has the original directory linked into it? You could the use mod_rewrite to redirect the matching requests to password protected directory.

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.myhost.tld$
RewriteRule ^/foo/(.*)$ /bar/linkeddir/$1
0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号