Apache basic auth for a particular URL
I have a site in production that I want to modify (translate from French to English). The modified part will be placed in the domain.com/en
URL location and I want to protect only this part with a basic HTTP auth during the modifications.
I would like to have the same behavior as if I had a en
directory on my web root folder, and a .htaccess
file on this directory to implement basic auth. Unfortunately, I can't do this because The site runs on Wordpress and uses Rewrite Rules, so I cannot create a en
directory without bypassing Wordpress.
What directives should I put in the .htaccess
in the root directory to enable basic auth only for the /en
location ? I tried using the <Location /en></Location>
block, but it produces a 500 error so I suppose this block is only supported in apache configuration files.
Solution 1:
I see... The code below will disable auth on only the callbacks directory, perhaps you can modify this logic so that it only enables authentication on the desired directory, or disable auth on all dirs whose name doesn't match the one you wish to protect.
# set an environment variable "noauth" if the request starts with "/callbacks/"
SetEnvIf Request_URI ^/callbacks/ noauth=1
# the auth block
AuthName "Please login."
AuthGroupFile /dev/null
AuthType Basic
AuthUserFile /xxx/.htpasswd
#Here is where we allow/deny
Order Deny,Allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth
Solution 2:
@Gregg_Leventhal gave me the solution by using environment variables. But the logic I use is the exact inverse of the one used in his answer.
For completeness, here is the code to ask authentication only for URL /en
:
#set an environtment variable "auth" if the request starts with "/en"
SetEnvIf Request_URI ^/en auth=1
AuthName "Please login to access english part"
AuthType Basic
AuthUserFile "/path/to/my/.htpasswd"
# first, allow everybody
Order Allow,Deny
Satisfy any
Allow from all
Require valid-user
# then, deny only if required
Deny from env=auth