I have a website where no one is allowed to enter without entering the basic auth credentials.
However, I need the media folder to be accessible by everyone, because we are using a third party extension which creates PDF's and we can only fully test them if the media is accessible.
The media folder is at /var/www/company/pub/media
.
The domain (www.example.com) points to /var/www/company/pub
, so the pub folder is the entry point.
This is my .htaccess attempt (/var/www/company/.htaccess
):
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/pub/
RewriteCond %{REQUEST_URI} !^/setup/
RewriteCond %{REQUEST_URI} !^/update/
RewriteCond %{REQUEST_URI} !^/dev/
RewriteRule .* /pub/$0 [L]
DirectoryIndex index.php
AuthType Basic
AuthName "Protected"
AuthUserFile "/var/www/company/.htpasswd"
# Exclude media folder from basic auth
SetEnvIf Request_URI "^/media/*" media
Order allow,deny
Require valid-user
Allow from env=media
Deny from env=!media
Satisfy any
But if I try to call http://www.example.com/media/someimage.jpg then I still get the basic auth login prompt.
Environment:
Apache 2.4.41 (Ubuntu)