I'm creating a simple little (REST) API and now I would like to secure a part of this API with htpasswd (using the OAuth library is too much hassle for the simple thing I'm trying to make). Is it possible to use the .htpasswd file only for incoming POST requests and not for GET requests?

Or is this insecure to begin with (e.g. can POST requests be disguised as GET requests)?

Thanks!

Terrabythia
  • Do you want your htaccess to check users against a database, or will the users be in the htpasswd file? – pregmatch Oct 05 '13 at 12:31
  • In the htpasswd file. I alone want to be able to change things in my database via POST requests with my own username + password that's in the htpasswd file. The GET part of the API is publicly accessible for everyone. – Terrabythia Oct 05 '13 at 14:33

1 Answer

After searching for a while I found the answer somewhere myself. I noticed somewhere that the require valid-user part in the .htaccess file was surrounded by <Limit GET></Limit> and tried changing that to POST. And it worked!

<Limit POST>
require valid-user
</Limit>
Terrabythia
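
A fuller .htaccess for the setup discussed above, as an added example that is not part of the original answer. It shows the answer's `<Limit POST>` form beside `<LimitExcept GET>`, which Apache's documentation recommends for access restrictions because it also covers methods that are not listed. The realm name and the password file path are placeholder assumptions.

```apache
# Added example; the realm name and file path are placeholders, not from the post.
# Basic auth sends the password base64-encoded on every request, so serve this over HTTPS.
AuthType Basic
AuthName "API write access"
# Keep the password file outside the document root so it cannot be downloaded.
AuthUserFile /path/to/.htpasswd

# Form from the answer: only POST is authenticated, so PUT, DELETE, PATCH
# and any other method still reach the API without credentials.
#<Limit POST>
#    Require valid-user
#</Limit>

# Stricter form: every method except GET needs a valid user.
# Apache handles HEAD together with GET in these sections.
<LimitExcept GET>
    Require valid-user
</LimitExcept>
```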