How to Exclude Certain URLs from HTTP Authentication

A development server I was working on required HTTP authentication due to being public-facing. However a certain application inside can’t work with HTTP authentication so certain paths need to be excluded. Usually this can be done by placing HTTP authentication in the main Apache configuration file (httpd.conf) and put .htaccess file in the directory I want to exclude.  .htaccess file has the following content:

Order Deny,Allow
Allow from all
Satisfy any

Please note that this method can be used for physical path only. To exclude virtual path,  just add the following lines in Apache main configuration file (httpd.conf) instead:

# Require auth for all except API directory. Change API with your own.
<LocationMatch "(?i)^(?!/API/)[^\.]+$">
    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    AuthGroupFile /dev/null
    require valid-user
</LocationMatch>

References:
How to Remove Basic Auth from a Protected Subdirectory (Apache)
Excluding HTTP Authentication Based On URL

Advertisements

2 thoughts on “How to Exclude Certain URLs from HTTP Authentication

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s