I'd like to have 2 types of authentication on my web app (PHP 7.4 on Apache 2.4):
- for the URLs /api/ and its children /api/xxxx (not actual directory, just url) I'd like to have HTTP authentication
- for any other URL, I'd like to have shibboleth auth
in my main .htaccess in the root folder, I have the following:
AuthType shibboleth
Require shibboleth
for HTTP authentication, I would use something like this
AuthType Basic
AuthName "Authentication Required"
AuthUserFile "/path/to/htpasswd/.htpasswd"
Require valid-user
Order allow,deny
Allow from all
But I cannot find how to combine it, so shibboleth would work for any URL except /api/ (and children like /api/xxx etc.) and HTTP authentication just for /api/ and children /api/xxx, etc.
