I have a website that is protected with basic authentication, except for one file, one folder, and one rewritten URL location.
It looks like this:
<Directory /var/www/mydomain.com>
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/etc/htpasswd.mydomain"
Require valid-user
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
<Location /manifest.webmanifest>
Satisfy Any
Allow from all
</Location>
<Location /icons/>
Satisfy Any
Allow from all
</Location>
<Location /receive>
Satisfy Any
Allow from all
</Location>
manifest.webmanifest
and files in the /icons/
folder bypass the auth, but /receive
doesn't. The obvious difference is that receive
isn't an actual file - it gets rewritten to /index.php for rendering.
How can I make it bypass the auth for /receive?
EDIT: The rewrite happens in a .htaccess file:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php !-f
RewriteRule ^(.*)$ index.php?AppRouting=$1 [QSA]
0 Answers