0

I protected an entire Wordpress site with an .htaccess in the /var/www/html direction containing the following regular authentication:

AuthName "Restricted Admin-Area"
AuthType Basic
AuthUserFile /var/www/html/.htpasswd
Require valid-user

However, now my boss asks me to unprotect just one page of the Wordpress site (specifically /subscription):

  • When we access www.site.com/subscription : no authentication is asked
  • When we access the rest of www.site.com : an authentication is asked

So I added the following as an exclusion:

SetEnvIf Request_URI "(subscription/)$" allow
SetEnvIf Request_URI "(subscription)$" allow
Order allow,deny
Allow from env=allow
Satisfy any

The problem though, is that for this exclusion to work, the subscription/ directory must exist "physically" on the server.

But it is a Wordpress page, generated automatically following index.php contained in the Wordpress database.

Therefore, the exclusion does not work and I'm asked an authentication when accessing this page.

I've looked for hours and tried to modify tons of things (even creating a subscription2/ directory pointing to subscription), but nothing worked.

Please can you help?

Thank you!

Bibelo
  • 221
  • 2
  • 8
  • Do you have to use .htaccess? Could you do something at the server config level? A with the allow rules in it would probably solve this. – Benjamin Close Nov 10 '17 at 00:55
  • Actually looking again, your Order is probably killing you. Try: ```Order Deny,Allow Deny from All Allow from env=allow``` – Benjamin Close Nov 10 '17 at 01:03
  • Thank you for your answer, I tried it @BenjaminClose, but now it gives me a 403 Forbidden on all the site and Authentication remaining on /subscription. – Bibelo Nov 10 '17 at 01:09

0 Answers0