0

Looking for some guidance on how I can match a specific file in a wildcard of directories.

Example - the rule needs to apply to:

/path/to/folder1/directory/index.php
/path/to/folder2/directory/index.php
/path/to/folder3/directory/index.php

Here is an example of the configuration made. The idea is to ensure that they are prompted for a username/password if this file is accessed:

<FilesMatch "/path/to/*/directory/index.php">
AuthName "Login"
AuthType Basic
AuthUserFile /path/to/.htpasswd

require valid-user

However, that doesn't seem to be working.

EDIT

After the first answer response, I changed the code. The primary purpose of this is to ensure that if anyone accesses the administrator/index.php file, they are asked for username and password via mod_security. Any other index.php files recursive to the administrator directory should not be prompted:

<Directory "/location/to/.*/administrator">
    <Files "index.php">
    AuthName "Login"
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    require valid-user
    </Files>
</Directory>

Does that do the trick?

Brian Spraker
  • 55
  • 1
  • 8
  • yes, your edited example should work, but in this case you don't need `.*` but `*` - without a `~` (or without DirectoryMatch), wildcards use globbing, not regular expressions. It can be a bit confusing... – mata Mar 30 '14 at 15:25
  • Got it. That does work. One more issue though - you have to actually put in the /index.php in the URL for the prompt to ask for the username/password. Any way to also make it prompt if they just type in website/administrator/ as well? – Brian Spraker Mar 30 '14 at 15:32
  • you could just put the auth direvtives directly into the directory section, omitting the file directive, then the whole administrator directory should require a password. shouldn't make much difference for the use case. – mata Mar 30 '14 at 15:47
  • Got it. Just put that in there and will see if that works OK. Thank you Mata. – Brian Spraker Mar 30 '14 at 16:22

1 Answers1

0

Like the <Files> directive, the <FilesMatch> directive operates only on the basename of the file, not on the complete path, so specifying a path name wont work.

Other then that, FilesMatch uses regular expressions by default (<FilesMatch "expression"> is basically the same as <Files ~ "expression">), so "path/*" would actually match path followed by an arbitrary number of slashes, what you ment would be "path/.*" - but like I said, paths don't work with FilesMatch and Files.

But the directives already apply to all subdirectories, so if you put a .htaccess file in the common base directory, it will apply to all subdirectories (unless it's overridden later):

<Files "index.php">
    ...
</Files>
mata
  • 67,110
  • 10
  • 163
  • 162
  • Thanks for the reply. That would require quite a bit of work to make a .htaccess file in all directories. That is why I was looking to create one catch-all rule in the actual apache server config. In essence, I am wanting to require a username/password for anyone that accesses the administrator/index.php file for Joomla on any website on the server. – Brian Spraker Mar 30 '14 at 15:11
  • I think the easiest way would be to combine [SetEnvIf](http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif) to set an environment variable if the path matches with [Allow from env=...](http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#allow) - at least if you don't have access to the server config. otherwise a `` directive shoudl do the trick. – mata Mar 30 '14 at 15:18
  • Thanks Mata. I run the web servers so I have full access to set the web server config. That is exactly what I'm trying to do - make a universal requirement. – Brian Spraker Mar 30 '14 at 15:24