1

So rather than excluding one file from the entire authentication like I tried to here. I've just decided to add specific files to the authentication like this:

<Files ...>
</Files>

The thing is when it's like this:

<Files Available.php>
    AuthType Basic
    AuthName "Login"
    AuthUserFile /disks/*/*/Folder/.htpasswd
    Require valid-user
</Files>

It works in that it requires an authentication for the php. However when I put multiple files like this:

<Files Available.php,Insert.php,upload_file.php>
    AuthType Basic
    AuthName "Login"
    AuthUserFile /disks/*/*/Folder/.htpasswd
    Require valid-user
</Files>

It fails to require authentication for any of the files. Any ideas what I'm writing wrong syntactically?

Also how do I require authentication for all sub-directories?

Community
  • 1
  • 1
Charlie Yabben
  • 307
  • 2
  • 7
  • 13

1 Answers1

1

You can't put multiple file names in a directive. see for directive examples.

http://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess.html

If you can't match the files with a wildcard, your best bet is to place them all in a subdirectory and use your authenication against that.

Your other option is to use php authenication with sessions (cookie or url based) and have the php files that require authentication check for a valid session before running.

I've written a fair number php based sites with authenicated admin and I always use a subdirectory and then ssl to make it more secure.

Codeguy007
  • 891
  • 1
  • 12
  • 32
  • how exactly do you go about implementing ssl into your website? – Charlie Yabben Oct 15 '12 at 04:57
  • http://wiki.apache.org/httpd/NameBasedSSLVHosts - Basically you get yourself an unique IP and an SSL Certificate. Usually your hosting company will set this up for you or have an automated setup. They will even order the SSL certificate if you'd like. If it's a personal site, you can use a self signed. – Codeguy007 Oct 15 '12 at 09:26