Disregard HTTP authentication for a particular URL

1

I have an application developed in CakePHP 2 , but I believe that the issue does not have as much involvement with the framework itself, just citing to contextualize.

As this private application, basically a webservice for accessing data with a mobile application, I restricted access using Apache HTTP strong> in the file .htaccess .

There is the physical path for files/photos that I want free access, so I included this exception thus:

AuthType Basic
AuthName "Meu webservice"
AuthUserFile /foo/bar/.htpasswd
Require valid-user

SetEnvIf Request_URI "files/photos/" allow

Order allow,deny
Allow from env=allow
Satisfy any

It works perfectly, restricting all access to webservice except for the given directory. Now I need to restrict a new access but this time it is not a URL pointing to a physical path but rather "virtual", since the framework ( MVC-like ) uses mod_rewrite to do the rewrite of the URLs.

Just adding the line below did not succeed, you are still prompted for a username and password.

SetEnvIf Request_URI "users/confirmation/" allow

I do not know if the problem is because of the use of URL rewriting, but considering that one physical path I succeeded and the other did not, I imagine it makes some sense of my doubt.

    
asked by anonymous 03.12.2014 / 15:51

1 answer

1

Resolved as follows: The two paths that will be ignored by Apache HTTP authentication, both physical and URL rewriting by mod_rewrite look like this:

SetEnvIf Request_URI "files/photos/" noauth=1
SetEnvIf Request_URI "users/confirmation/*" noauth=1

Finally, just add one more line indicating this environment variable with the prefix allow :

Allow from env=REDIRECT_noauth

Done, it worked for both cases.

    
10.12.2014 / 11:35