2

I have two folders, F1 and F2, under my public folder, each with an .htaccess file in them. F1 is protected by basic auth in .htaccess, like this: 

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/myaccount/.htpasswd
AuthGroupFile /dev/null 
require valid-user

I'm rewriting a URL from F2 into F1, like this: 

RewriteRule ^f2file\.php$ ../F1/f1file.php [NC,L]

This rewrite works, but it challenges me with the basic auth I have set up in F1. Is there a way to either send basic auth credentials with the rewrite, or to bypass the basic auth when rewriting from a local folder?

I've tried setting an environment variable like in this question:

SetEnvIf Request_URI ^f2file\.php$ ADD_BASIC_AUTH
RequestHeader set Authorization "Basic XXXXXXXX" env=ADD_BASIC_AUTH

Where XXXXXXXX is the base 64 encoded value of user:pass as described in the above question. But, this doesn't work, it still challenges me for the credentials, maybe because I'm not doing the rewrite as a proxy? Any ideas? Thanks!

user339568
  • 195
  • 1
  • 5
  • I'm not certain that I understand what you are trying to do. Do you want the files to be available without a password or not? If you're simply trying to obfuscate the URL, perhaps you could do that easier a different way. I imagine that whatever you are wanting to be accomplished could be accomplished a different way. – DKing Jun 15 '17 at 17:49
  • F1 and F2 are private APIs with requests coming into them, accessible under subdomains F1.mydomain.com and F2.mydomain.com. I want F1 to remain with basic authentication if it is accessed directly. I want to rewrite certain requests that are going to F2 into F1 and either meet or bypass the authentication on these rewrites. – user339568 Jun 15 '17 at 18:09
  • So you're saying you want the user to only have to be prompted for the password once? – quadruplebucky Jun 15 '17 at 19:02
  • No, if they go to F1.mydomain.com/anyfile.php, they will always be prompted for a password. All files under F1 require basic auth to access. But, F2.mydomain.com/specificfile2.php is an API call that is out there that a system I don't control is making on a regular basis. I want to rewrite this API call to F1.mydomain.com/specificfile1.php without having to deal with the basic auth challenge. Think of it like this: F1 is the new API that requires basic auth, F2 is the old API with no basic auth. I want to rewrite a few calls from the old API to the new API. – user339568 Jun 15 '17 at 19:14

1 Answers1

1

Since F1 folder is password protected, a password is required to access whatever is accessed directly on this folder. You could perhaps use a symbolic link from the F2 folder to the file required on the F1 folder. Then the clients will access a file on F2 instead of F1 and no password will be required.

ln -s ../F1/f1file.php f2file.php
atrias
  • 88
  • 5