0

I have a folder on my site which contains admin files and I've added basic auth following a little unwanted attention. This works fine however a couple of the admin functions won't work through basic auth as they handle file uploads and so I want to exclude these files from the auth. It shouldn't have any security implications as any rogue user wouldn't be able to access the pages that could create a session to use these functions.

I am using the following basic code to exclude a file:

<FilesMatch "(index.php\/myadminfolder\/myurl\/myaction/someotherstuff?)$">
Satisfy Any
Order allow,deny
Allow from all
Deny from none
</FilesMatch>

The URL exclusion is not working.

The URL to exclude is in the form:

index.php/directory/subdirectory/action/uniqueid/blah

What is the correct URL string to add to FilesMatch to exclude any files that start with the pattern of index.php/directory/subdirectory/action - regardless of what comes after action?

Thanks

Simon

simon180
  • 103
  • 4

2 Answers2

1

I suppose the file index.php/directory/subdirectory/action/uniqueid/blah does not really exist. There is probably only an index.php file to which you append /directory/subdirectory/action/uniqueid/blah as PATH_INFO.

Try using Location/LocationMatch instead of Files/FilesMatch.

joschi
  • 21,387
  • 3
  • 47
  • 50
0

Like joschi said, you should use <LocationMatch></LocationMatch> instead. Also, I don't think you need to escape /s in ...Match directives.

mark
  • 2,365
  • 14
  • 11