-1

In my /var/www/ directory I have many directories some like:

/var/www/impdata/
/var/www/data/

So can I achieve this:

When I go to: www.websitename.com/data/ it should give a 404 error.

And when I do www.websitename.com/data/welcome.php it should work.

And when I do www.websitename.com/impdata/ it should ask for username and password.

And when I do www.websitename.com/impdata/welcome.php it should work.

So how can i write my .htaccess and .htpasswd to achieve this?

This is my current .htaccess file and it is in the /var/www/ directory:

   Options -Indexes
   DirectoryIndex disabled

   <Directory /var/www/impdata>
     # All access controls and authentication are disabled
     Satisfy Any
     Allow from all
  </Directory>

My current .htpasswd file in the /var/www/impdata/ directory:

 try:XYZXYZXYZXYZ
Froggiz
  • 3,013
  • 1
  • 18
  • 30
user310685
  • 127
  • 1
  • 5

2 Answers2

3

So can I achieve this: When I go to: www.websitename.com/data/ it should give an 404 error. And when do www.websitename.com/data/welcome.php it should work.

You can simply rewrite every request to a 404 not found status with an exception to welcome.php. In the code below you will see that every rule gets rewritten tot a 404 status with the exception of welcome.php.

#.htaccess file of /var/www/data
RewriteEngine On

#Condition is that the requested URI is NOT data/welcome.php
RewriteCond ${REQUEST_URI} !^data/welcome.php$
#Return 404 by default
RewriteRule ^(.*)$ - [R=404,L]

And when do www.websitename.com/impdata/ it should ask for username and password. And when do www.websitename.com/impdata/welcome.php it should work.

As far as I know .htaccess files are per directory and therefor so is authentication. What you could however do is redirect all requests which do not equal welcome.php to a php script which then sends an authentication request. Or make a seperate directory, one with protected files and one without and redirect to these specific directories. Here's an example where /impdata is not protected, but /impdata/auth is. In this case /var/www/impdata/auth contains a .htaccess and .htpasswd requiring and /var/www/impdata/ contains a file handling the redirects.

#.htaccess of /var/www/impdata
RewriteEngine On

#Exception, if welcome.php is called, show it
RewriteCond %{REQUEST_URI} !^/impdata/welcome.php$
#Make sure the path does not already exist out 
#of /impdata/auth/ as it would cause a redirect loop.
RewriteCond %{REQUEST_URI} !^/impdata/auth/(.*)$ 
RewriteRule ^(.*)$ auth/$1 [L]



#.htaccess file of /var/www/impdata/auth
Options -Indexes
AuthType Basic
AuthName "RESTRICTED AREA"
AuthUserFile /var/www/impdata/.htpasswd
Require valid-user
user254948
  • 459
  • 3
  • 10
1

First of all .htaccess files are intended to have effect in the directory they're placed, so rather than having one in /var/www/ typically you would have two: one in each of /var/www/impdata/ and /var/www/data/

Or rather have no .htaccess files at all: my pet peeve, quoted from from the manual on .htaccess files:

You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.

If I read your question right, when using using www.example.com/data/ you don't want to see the index.html or similar if it exists and you don't want to see a file listing either, but when requesting a specific file from that directory, you want to allow users to access that file. 

<Directory /var/www/data>
   Options -Indexes         
   DirectoryIndex disabled
</Directory>

Adding authentication to /var/www/impdata with the otherwise the same options:

<Directory /var/www/impdata>
   Options -Indexes
   DirectoryIndex disabled
   AuthType Basic
   AuthName "RESTRICTED AREA"
   AuthUserFile /var/www/impdata/.htpasswd
   Require valid-user
</Directory>

You can disable certain files or directories within that password secured area from requiring authentication with the Satisfy Any directive:

<File /var/www/impdata/welcome.php>
   # All access controls and authentication are disabled
   Satisfy Any
   Allow from all
</File>
HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • can i take this .htaccess one common at root `Options -Indexes DirectoryIndex disabled 'BUT SKIP /var/www/impdata/' ` and then this code in impadata ` Options -Indexes DirectoryIndex disabled AuthType Basic AuthName "RESTRICTED AREA" AuthUserFile /var/www/impdata/.htpasswd Require valid-user ` – user310685 Nov 25 '14 at 07:19
  • When you remove the directory labels you can place the rest in a .htaccess file, yes. – HBruijn Nov 25 '14 at 07:23
  • i tried this `Options -Indexes DirectoryIndex disabled # All access controls and authentication are disabled Satisfy Any Allow from all ` in root it gives me an 500 `Internal Server Error` to every directory and file – user310685 Nov 25 '14 at 07:42
  • The Satisfy directive is only useful if access to a particular area is being restricted by both username/password (`Require valid-user`) and client host address (`Allow from all`). But check the errorlog for the exact reasons – HBruijn Nov 25 '14 at 13:14