2

I have two folders, F1 and F2, under my public folder, each with an .htaccess file in them. F1 is protected by basic auth in .htaccess, like this: 

AuthName "Restricted Area" AuthType Basic AuthUserFile /home/myaccount/.htpasswd AuthGroupFile /dev/null require valid-user

I'm rewriting a URL from F2 into F1, like this: 

RewriteRule ^f2file\.php$ ../F1/f1file.php [NC,L]

This rewrite works, but it challenges me with the basic auth I have set up in F1. Is there a way to either send basic auth credentials with the rewrite, or to bypass the basic auth when rewriting from a local folder?

I've tried setting an environment variable like in this question:

SetEnvIf Request_URI ^f2file\.php$ ADD_BASIC_AUTH RequestHeader set Authorization "Basic XXXXXXXX" env=ADD_BASIC_AUTH

Where XXXXXXXX is the base 64 encoded value of user:pass as described in the above question. But, this doesn't work, it still challenges me for the credentials, maybe because I'm not doing the rewrite as a proxy? Any ideas? Thanks!

Improve this question
4
  • I'm not certain that I understand what you are trying to do. Do you want the files to be available without a password or not? If you're simply trying to obfuscate the URL, perhaps you could do that easier a different way. I imagine that whatever you are wanting to be accomplished could be accomplished a different way. Commented Jun 15, 2017 at 17:49
  • F1 and F2 are private APIs with requests coming into them, accessible under subdomains F1.mydomain.com and F2.mydomain.com. I want F1 to remain with basic authentication if it is accessed directly. I want to rewrite certain requests that are going to F2 into F1 and either meet or bypass the authentication on these rewrites. Commented Jun 15, 2017 at 18:09
  • So you're saying you want the user to only have to be prompted for the password once? Commented Jun 15, 2017 at 19:02
  • No, if they go to F1.mydomain.com/anyfile.php, they will always be prompted for a password. All files under F1 require basic auth to access. But, F2.mydomain.com/specificfile2.php is an API call that is out there that a system I don't control is making on a regular basis. I want to rewrite this API call to F1.mydomain.com/specificfile1.php without having to deal with the basic auth challenge. Think of it like this: F1 is the new API that requires basic auth, F2 is the old API with no basic auth. I want to rewrite a few calls from the old API to the new API. Commented Jun 15, 2017 at 19:14

1 Answer 1

Reset to default
1

Since F1 folder is password protected, a password is required to access whatever is accessed directly on this folder. You could perhaps use a symbolic link from the F2 folder to the file required on the F1 folder. Then the clients will access a file on F2 instead of F1 and no password will be required.

ln -s ../F1/f1file.php f2file.php
Improve this answer
1
  • This accomplishes exactly what I was trying to do, and post data comes through as well. Thanks very much! Commented Jun 15, 2017 at 22:25

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.