How to protect some URLs with HTTP authentication using a regex?

StackOverflow https://stackoverflow.com/questions/23469351

Вопрос

I have a public website with an admin area. So I want to protect this admin area using HTTP authentication.

The admin area has this URL: http://mypublicwebsite.com/myadminarea/

myadminareais not a physical directory on my server, there's a routing system based on the requested URL.

Is there an easy way to define that every URL that matches http://mypublicwebsite.com/myadminarea/* must use http authentication?

I've found this answer, but it seems too complicated to me.

Thanks.

Это было полезно?

Решение 2

I've just found a solution using the LocationMatch apache directive, to be added in my virtualhost definition:

<VirtualHost *:8080>
    ...

    <LocationMatch "/myadminarea/.*">
        AuthType basic
        AuthName "Login Required"
        AuthUserFile /full/path/to/passwords
        Require valid-user
        Order allow,deny
        Allow from all
    </LocationMatch>
</VirtualHost>

Другие советы

You can use it using mod_setenvif and mod_auth. Place this code in your root .htaccess:

SetEnvIfNoCase Request_URI "^/myadminarea" SECURED

AuthType Basic
AuthName "Login Required"
AuthUserFile /full/path/to/passwords
Require valid-user
Order allow,deny
Allow from all
Deny from env=SECURED
Satisfy any

PS: Make sure you create passwords as per Apache manual instructions.

Лицензировано под: CC-BY-SA с атрибуция
Не связан с StackOverflow
scroll top