Protect by password the / and /index.php but not the other scripts

Question

In the document root of my web server (Apache 2.2.15 on CentOS 6.0) I have an /index.php script, which I'd like to be password protected and then few helper scripts (/helper1.php, /helper2.php, ...) which actually shouldn't be password-protected - because they are sometimes used directly (for example "hotlinked" from some Excel spreadsheets).

At the moment I have every script password-protected:

<Location />
        AuthType basic
        AuthName "My Protected Area"
        Require valid-user

        AuthBasicProvider ldap
        AuthzLDAPAuthoritative  Off
        AuthLDAPURL             "ldap://ldap-server.XXX.com/OU=Users,DC=XXX,DC=com?sAMAccountName?sub?(objectClass=user)"
        AuthLDAPBindDN          afarber@XXX.com
        AuthLDAPBindPassword    XXXXXX
</Location>

Can anyone please suggest me a way, how to keep /index.php password-protected, but at the same time do not require entering a password when using /helper1.php, etc.?

Thank you! Alex

quanta · Accepted Answer · 2011-09-22T10:00:33.047

0

For any php script you don't want to protect, put a Satisfy Any in Location directive. You can also use LocationMatch, something like this:

<LocationMatch "/helper(1|2).php">
    Satisfy Any
</LocationMatch>

edited Sep 22 '11 at 10:00

answered Sep 22 '11 at 09:31

quanta

51,413
19
159
217

No this will not protect '/' . You need a seperate one for '/' and '/index.php'. Or one combined with regexp. – cstamas Sep 22 '11 at 09:47
No, I get authentication error immediately – Alexander Farber Sep 22 '11 at 09:50
Sorry, please check out my updated answer. – quanta Sep 22 '11 at 10:01

Protect by password the / and /index.php but not the other scripts

1 Answers1