Exclusion of a protected sub-url does not work on Apache 2.4?

apache-2.4 http-basic-authentication .htaccess

I try to exclude a sub-url "/shop/api" from my protected website. It worked fine on different server on Apache/2.2.15 but now not with Apache/2.4.7? It always asks for the basic authentication. Any Idea what I did wrong?

AuthType Basic
AuthName 'Authentication required'
AuthUserFile /var/www/vhosts/pwd/.htpasswd

# Allow access to excluded diretories
SetEnvIf Request_URI ^/shop/api/  noauth=1
Order deny,allow
Satisfy any
Deny from all
Require valid-user
Allow from env=noauth

Solution 1:

as "lain" pointed out the apache 2.4 Auth/Access control stuff has changed since 2.2. So I needed to modify it as follows:

AuthType Basic
AuthName 'Authentication required'
AuthUserFile /var/www/vhosts/pwd/.htpasswd
# Allow access to excluded directories
SetEnvIf Request_URI /shop/api  noauth=1
<RequireAny>
  Require env noauth
  Require env REDIRECT_noauth
  Require valid-user
</RequireAny>

In addition I had to add Require env REDIRECT_noauth because PHP is using some redirect and this keeps the env variable noauth set

Related

IIS Optimization
Correct value for fill factor for clustered indexes with surrogate identity keys
Kubernetes - how to map docker run command-line parameters to kubectl command line
How can I access instance storage on a Windows EC2 instance with an ebs root device?
How do I set cgroup limits for systemd user slices?
hard resetting link exception Emask 0x50 SAct 0x0 SErr 0x4090800 action 0xe frozen
Send trunk directly to vm in HyperV 2012
How to efficiently dump a huge MySQL innodb database?
Learning algebra and harmonic analysis
If $a_n$ goes to zero, can we find signs $s_n$ such that $\sum s_n a_n$ converges?
Prove that every positive semidefinite matrix has nonnegative eigenvalues
How to solve $\sqrt {1+\sqrt {4+\sqrt {16+\sqrt {64+\sqrt {256\ldots }}}}}$