I want to deny all anonymous users by default yet allow anonymous users for a specific virtual path; the virtual path is created by a wordpress htaccess + php
Current Setup
AuthUserFile /var/www/domains/dev/.htpasswd
AuthType Basic
AuthName "Password Required"
Require user jackson dawna
Order Deny,Allow
Deny from All
<If "%{REQUEST_URI} =~ m#/sites/dawna/wordpress/wp-json/wp/v2/.*#">
Order Allow,Deny
Allow from All
Satisfy Any
</If>
Satisfy Any
Problem
The above code denies all users and asks for credentials. However if I switch global to Allow from All and the If to Deny from All then this works as expected, only denying the specified route
Question
How can I allow anonymous visitors to my virtual route while making everything else password protected?
By the sounds of it you only need to ask for authentication if the requested URL-path is not the URL-path that you want to allow public access. And simply allow access otherwise.
You are also mixing in Apache 2.2 auth directives on what would seem to be an Apache 2.4 system.
Try something like the following instead:
The above checks that the requested URL does not start
/this/urlpath/is/public/(you were missing a start-of-string anchor^in your example) and only prompts for authentication if it doesn't. The default action is then to allow access (for any URL that starts with that URL-path).Due to the nature of the virtual path (created by wordpress) I had to use
THE_REQUESTinstead:The wordpress redirect uses
wordpress/index.phpso using theREQUEST_URIwasn't working because the uri is always/path/to/wordpress/index.phpmaking the my if statement useless.NOTE
If you need to support PUT's or other you'll have to add that in.
[A-Z]{3}or[A-Z]{3-6}where the latter will open up to everything.