I have to exclude one Url (as well as one prefix) from normal htaccess Fundamental Auth protection. Something similar to /callbacks/myBank or /callbacks/.* Have you got any hints how to get it done?
What I am not searching for is how you can exclude personal files. This needs to be url (because this is solution according to PHP framework, and all sorts of web addresses are rerouted with mod_rewrite to index.php). So there's no file under this url. Nothing.
A number of individuals web addresses are simply callbacks using their company services (No IP isn't known and so i cannot exclude according to IP) plus they cannot prompt for User / Password.
Current definition is actually:
AuthName "Please login." AuthGroupFile /dev/null AuthType Basic AuthUserFile /xxx/.htpasswd require valid-user
Using SetEnvIf, you may create a flexible once the request begins with a few path, then make use of the
Satisfy Any directive to prevent needing to login.
# set an environtment variable "noauth" if the request starts with "/callbacks/" SetEnvIf Request_URI ^/callbacks/ noauth=1 # the auth block AuthName "Please login." AuthGroupFile /dev/null AuthType Basic AuthUserFile /xxx/.htpasswd # Here is where we allow/deny Order Deny,Allow Satisfy any Deny from all Require valid-user Allow from env=noauth
The allow/deny slice of directives states that deny access for Everybody, except when there's a valid-user (effective Fundamental auth login) or maybe the
noauth variable is placed.