0

Scenario

I'm simply trying to allow one php file through .htaccess password folder.

Attempts so far

  • my-special-file.php
  • subfolder/my-special-file.php
  • ./subfolder/my-special-file.php
  • tried using a .htaccess inside the subfolder

Question

What am I missing? I know I've gotten little things like this to work before but I'm just not seeing it..

.htaccess file

AuthUserFile /some/folder/.htpasswd AuthType Basic AuthName "Password Required" Require user personA personB Order Deny,Allow Deny from All #not working <Files "./subfolder/my-special-file.php"> Allow from All </Files> Satisfy Any

Web Page 401

Unauthorized

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Apache/2.4.7 (Ubuntu) Server at x.x Port 80

Improve this question
2
  • 2
    Which Apache version are you using? Commented May 25, 2020 at 20:23
  • @EsaJokinen Apache/2.4.7 (Ubuntu) Commented May 26, 2020 at 15:22

1 Answer 1

Reset to default
2

The Access Control has changed in Apache 2.4 you are using, and the changes are probably best explained in the Upgrading to 2.4 from 2.2. In short, from mod_access_compat:

Compatibility: Available in Apache HTTP Server 2.3 as a compatibility module with previous versions of Apache httpd 2.x. The directives provided by this module have been deprecated by the new authz refactoring. Please see mod_authz_host

Let's refactor your configuration based on mod_authz_core and mod_authz_host:

<Directory "/var/www/somefolder"> AuthType Basic AuthName "Password Required" AuthUserFile "/some/folder/.htpasswd" Require user personA personB <Files "my-special-file.php"> Require all granted </Files> </Directory>
  • The <Directory> context can be replaced with .htaccess, although not recommended.

  • The <Files "my-special-file.php"> gets inherited by all the subfolders, i.e.

    • this allows access to my-special-file.php, subfolder/my-special-file.php etc.

    • If you only want this to be applied to the subfolder/my-special-file.php, you'd need:

      <Directory "/var/www/somefolder"> AuthType Basic AuthName "Password Required" AuthUserFile "/path/to/.htpasswd" Require user personA personB <Directory "/var/www/somefolder/subfolder"> <Files "my-special-file.php"> Require all granted </Files> </Directory> </Directory>
Improve this answer
2
  • 2
    Or perhaps use an Apache <If> expression to only prompt for a password when my-special-file.php is not requested (testing against REQUEST_FILENAME or %{LA-U:REQUEST_FILENAME} in a server/vhost context, since this is an actual file)? Something like this from an earlier question. Commented May 26, 2020 at 16:43
  • 1
    @MrWhite Yes, that's possible and worth to mention, but frankly, using <If> would be even more confusing to anyone asking this kind of questions on Q/A sites, wouldn't it? Commented May 26, 2020 at 16:49

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.