6

I need to setup apache to inverse match /admin location which is rewritten by default drupal htacess file. Simply ask for http auth for everything that is not /admin/*

I've tried this so far: 

   < LocationMatch "^/(?!admin)" >

    AuthName "Members Only"
    AuthType Basic
    AuthBasicProvider file
    AuthUserFile /path/to/.htpasswd
    Require valid-user

    < /LocationMatch >
Boian Mihailov
  • 121
  • 1
  • 5

1 Answers1

0

You can try using a SetEnvIf to check Request_URI for /admin, so you should end up with something like this:

# Set an environment variable if requesting /admin
SetEnvIf Request_URI ^/admin/? DONT_NEED_AUTH=true

# Setup your auth mechanism
AuthName "Members Only"
AuthType Basic
AuthBasicProvider file
AuthUserFile /path/to/.htpasswd

# Set the allow/deny order
Order Deny,Allow

# Indicate that any of the following will satisfy the Deny/Allow
Satisfy any

# First off, deny from all
Deny from all

# Allow outright if this environment variable is set
Allow from env=DONT_NEED_AUTH

# or require a valid user
Require valid-user

You may need to wrap that in the appropriate or tags if you are not putting this inside a .htaccess file.

Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • i tried these inside Directory tags for my /var/www, resulting in requiring auth for every request – Boian Mihailov Dec 01 '11 at 10:56
  • Have you tried replacing the `/admin` with what Drupal rewrites to? I'm not sure what module order takes precedence, mod-setenv or mod-rewrite – Jon Lin Dec 01 '11 at 11:02
  • SetEnvIf Request_URI "^/admin/?$" do_auth=1 AuthName "Members Only" AuthType Basic AuthBasicProvider file AuthUserFile /path/to/.htpasswd Require valid-user Order Allow,Deny Allow from all Deny from env=do_auth Satisfy Any works, but i am unable to reverse it, thats what i need – Boian Mihailov Dec 01 '11 at 12:16
  • What I posted works in my .htaccess, any request starting with /admin won't get authenticated, everything else will require authentication. That's what you mean by *Simply ask for http auth for everything that is not /admin/*, right? – Jon Lin Dec 01 '11 at 12:21
  • If that's not the case and I read your question wrong, then use what I have except change the line `Allow from env=DONT_NEED_AUTH` to `Allow from env=!DONT_NEED_AUTH` – Jon Lin Dec 01 '11 at 12:24
  • i will make a simple test without drupal in the tree i an not sure if its .htaccess is messing the things – Boian Mihailov Dec 01 '11 at 13:29
  • i've tested your solution on clean ubuntu install, its not working, however if i add env=!DONT_NEED_AUTH its matching admin and is asking for password for admin directory only. I also tried to craft a reverse regular expression but so far no luck also. Turning off mod_rewrite will allow everything from your suggestion to work properly with static directory /admin/. So i am facing some kind of conflict with rewrite itself. – Boian Mihailov Dec 02 '11 at 08:07
  • I tried this as well, and the exception on the path will not kick in. – Gabriel R. Aug 17 '12 at 06:55