0

Two scenarios:

Directory

I want my entire server to be password-protected, so I included this directory config in my sites-enabled/000-default:

<Directory />
  Options FollowSymLinks
  AllowOverride None
  AuthType Basic
  AuthName "Restricted Files"
  AuthUserFile /etc/apache2/passwords
  Require user someuser
</Directory>

The question is how can I exclude a specific URL from this?

Proxy

I found that the above password protection doesn't apply to mod_proxy, so I added this to my proxy.conf:

<Proxy *>
  Order deny,allow
  Allow from all

  AuthType Basic
  AuthName "Restricted Files"
  AuthUserFile /etc/apache2/passwords
  Require user someuser
</Proxy>

How do I exclude a specific proxied URL from the password protection? I tried adding a new segment:

<Proxy http://myspecific.url/>
  AuthType None
</Proxy>

but that didn't quite do the trick.

ripper234
  • 5,710
  • 9
  • 40
  • 49

1 Answers1

4

Use Satisfy Any to exclude something from AuthType requirements.

If you can be more specific about what the URL is to be excluded and how your site is configured now, then I can be more specific about how this should be applied.

Shane Madden
  • 112,982
  • 12
  • 174
  • 248
  • I thought my description above was rather detailed ... what is missing? The specific URL I'm trying to exclude from basic auth is http://mysite.com/status. Truth be told, this question might not be so relevant to me now, because of this: http://serverfault.com/questions/371907/can-you-pass-user-pass-for-http-basic-authentication-in-url-parameters – ripper234 Mar 22 '12 at 08:34