4

I have a webserver that is completely locked down with Basic Auth

<Location />
    AuthType Basic
    # [...] rest of basic auth stuff
    require valid-user
    order deny,allow
    deny from all
    Satisfy any
</Location>

One subdirectory is accessible without auth:

<Location /public>
  allow from all
  Satisfy any
</Location>

This is working fine. Now I want to allow access without login to some scripts that are accessed with mod_rewrite:

RewriteRule ^phonebook/show/(.+)$ /quicksearchShow.php?uid=$1 [NC]
RewriteRule ^phonebook/(.+)$ /quicksearch.php?s=$1 [NC]
RewriteRule ^phonebook$ /quicksearch.php [NC]

Some ways I tried:

<Location ~ "/phonebook*">
    Allow from all
    Satisfy Any
</Location>

<Location /phonebook>
    Allow from all
    Satisfy Any
</Location>

<LocationMatch "^phonebook.*">
    Allow from all
    Satisfy Any
</LocationMatch>

None of these options work. I assume because /phonebook is not an actual directory on the server. So I tried some variants of the <Files> directives:

<FilesMatch "/quicksearch.*">
    Allow from all
    Satisfy Any
</FilesMatch>

<FilesMatch "^quicksearch.*">
    Allow from all
    Satisfy Any
</FilesMatch>

<Files "quicksearch.php">
    Allow from all
    Satisfy Any
</Files>

But no luck either.

So, how do I set options for a specific "virtual" directory that is mapped via mod_rewrite?

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79

1 Answers1

2

So, I kinda gave up on this approach. I created a subdirectory "phonebook", moved the files in there and added this to the apache config:

<LocationMatch "^/(css|js|images|icons|phonebook)/">
    Order Deny,Allow
    Allow from All
    Satisfy Any
</LocationMatch>

This works, but I was unable to get it working without the directory existing on the filesystem.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79