Home / server / Questions / 758245
Accepted
user2395126
Asked: 2016-02-19 14:15:43 +0800 CST

Using htaccess to grant access to index file when user requests directory URL

  • 772

I would like to use htaccess to allow access to the index file plus a few others in a directory (index.php) but require a user/pass for everything else in the directory. Right now I have:

AuthName "SomeServer"
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
Require valid-user
AuthType Basic
<FilesMatch "(index.php)|(login.php)">
    Allow from all
    Satisfy any
</FilesMatch>

This allows users to access index.php and login.php and denies the rest of the directory. However, whenever a user requests the directory without the index.php in the URL like:

http://www.example.com/dir

The user is prompted to login. However, if the user goes here:

http://www.example.com/dir/index.php

Then index.php is displayed without a login prompt.

What do I need to change to allow the user to go to http://www.example.com/dir and be directed to http://www.example.com/dir/index.php without prompting for a login while still requiring a login for anything else in the directory?

Update: not sure it matters, but I switched the authentication to use mod_auth_mysql. Still using the same section of my htaccess file and still facing the same problem.

apache-2.2

1 Answers

  1. Best Answer

    You could try something like the following

    <VirtualHost *:80>
    ServerName localhost
    DocumentRoot /vhosts/default

    DirectoryIndex index.php

    <Directory /vhosts/default>
        Options -Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    <Location ~ ^/dir/(index|login)\.php$>
        Allow from all
        Satisfy any
    </Location>

    <Location ~ ^/dir/?$>
        Allow from all
        Satisfy any
    </Location>
</VirtualHost>

    Make some basic tests

    # curl -I http://localhost/
HTTP/1.1 401 Authorization Required
Date: Fri, 19 Feb 2016 10:03:38 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Basic realm="SomeServer"
Content-Type: text/html; charset=iso-8859-1

# curl -I http://localhost/index.php
HTTP/1.1 401 Authorization Required
Date: Fri, 19 Feb 2016 10:03:43 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Basic realm="SomeServer"
Content-Type: text/html; charset=iso-8859-1


# curl -I http://localhost/dir/index.php
HTTP/1.1 200 OK
Date: Fri, 19 Feb 2016 10:03:49 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.16
Content-Type: text/html; charset=UTF-8


# curl -I http://localhost/dir/
HTTP/1.1 200 OK
Date: Fri, 19 Feb 2016 10:03:52 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.16
Content-Type: text/html; charset=UTF-8


# curl -I http://localhost/dir/some_file.php
HTTP/1.1 401 Authorization Required
Date: Fri, 19 Feb 2016 10:04:07 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Basic realm="SomeServer"
Content-Type: text/html; charset=iso-8859-1

# curl -I http://localhost/dir
HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Feb 2016 10:04:14 GMT
Server: Apache/2.2.15 (CentOS)
Location: http://localhost/dir/
Content-Type: text/html; charset=iso-8859-1
    • 1