1

I have .htpasswd protection on my site that works fine. When I call a script that puts everything into cache via PHP CLI I get a 401 error. The problem here is the .htpasswd protection.

In the CLI call I define my env (ENV=cron), how can I tell my .htaccess to not ask for the username and password if env=cron?

My current code in the .htaccess is: 

<IfDefine env!=cron>
    AuthType Basic
    AuthName "internal"
    AuthUserFile /path/to/my/.htpasswd
    Require valid-user
</IfDefine>

I am using apache 2.2 and not 2.4 which would make this a whole lot easier. What is the correct way of solving this issue?

Fabian
  • 113
  • 2
  • I hope you're using Apache httpd 2.4 and the 2.2 tag is an error. – HBruijn Sep 03 '18 at 07:46
  • @HBruijn `apachectl -v Server version: Apache/2.2.34 (Unix)` – Fabian Sep 03 '18 at 07:49
  • 1
    I think you need to upgrade to 2.4 to be able to configure [`RequireAny`](https://httpd.apache.org/docs/trunk/mod/mod_authz_core.html#requireany) where different authentication methods for the same resource can be combined and allow access if either condition is met. - If your cronjob runs on the webserver, don't make a HTTP request but simply execute your php code with the PHP command line interpreter `/usr/bin/php -f /path/to/your.php` – HBruijn Sep 03 '18 at 07:58

1 Answers1

0

On Apache 2.2 you may be able to do this with the help of the Satisfy directive.

For example:

AuthType Basic
AuthName "internal"
AuthUserFile /path/to/my/.htpasswd
Require valid-user
Order allow,deny
Allow from env=cron
Satisfy Any

(The default is Satisfy All)

The <IfDefine> directive (on Apache 2.2) is only able to check whether parameters have been set on the command line when Apache is started. It cannot check environment variables.

MrWhite
  • 11,643
  • 4
  • 25
  • 40