0

I have the following site configuration

<Location />
    AuthUserFile /path/.htpasswd
    AuthName "Restricted Area"
    AuthType Basic
    require valid-user
</Location>

which restricts access to all locations. Now I want to exclude say media/

<Location /media>
    Require all granted
</Location>

and also upload/ which is in another directory

Alias /upload/files/ /another/path/upload/files/
<Directory "/another/path/upload/files/">
    Options None
    AllowOverride None
    ForceType text/plain

    Require all granted
</Directory>

Unfortunately it still prompts me for authentication.

Aley
  • 209
  • 2
  • 4
  • 16
  • Try putting Location /media before Location /. For /upload/files, you have no Location, so it may take the specs of Location /. – Gerard H. Pille Apr 23 '18 at 13:50
  • Still having the same result. It's prompting for user and pass. – Aley Apr 24 '18 at 08:04
  • Well, with only a couple of extracts from your Apache configuration, it's hard to guess what's wrong with it. The config could even be OK, but you forgot to reload it, there could be a cache between your browser and Apache, or your browsers cache itself, you may be addressing another server ... – Gerard H. Pille Apr 24 '18 at 08:24
  • This part should be sufficient. You can reproduce it. Somehow `Require all granted` is not working here. Maybe some other flags like `AllowOverride AuthConfig` are missing here. Not sure. – Aley Apr 25 '18 at 06:32

3 Answers3

1

You can add the exceptions in the following way:

<Directory /media>
         Options none
         AllowOverride none
         Require all granted
</Directory>

After the configuration is applied the apache service must be restarted.

GeorgiY
  • 21
  • 2
  • The -Direktive in this notation receives a full path. Check out the [docs](https://httpd.apache.org/docs/2.4/mod/core.html#directory). So Im not sure what your suggestion is about. – Aley Apr 24 '18 at 08:02
1

As Location /media came after Location /, it inherited roots AuthType. You should be able to overrule it:

<Location /media>
  AuthType None
  Require all granted
</Location>
Gerard H. Pille
  • 2,569
  • 1
  • 13
  • 11
0

I found a way to accomplish this

<Location />
    AuthUserFile /path/.htpasswd
    AuthName "Restricted Area"
    AuthType Basic
    Require expr %{REQUEST_URI} =~ m#^/media#
    Require expr %{REQUEST_URI} =~ m#^/upload/files/#
    Require valid-user
</Location>

There might be other options.

Aley
  • 209
  • 2
  • 4
  • 16