How can I deny access to http://sub.mydomain.com/, but allow for (completely) http://sub.mydomain.com/test (or http://sub.mydomain.com/test/)
There is a magento back-end behind http://sub.mydomain.com/test/
Asked
Active
Viewed 4.8k times
6 Answers
41
.htaccess directives apply to that directory, and all subdirectories thereof, so you should disallow access in your DocumentRoot,
http://sub.mydomain.com/.htaccess:
Order deny,allow
Deny from all
And override that in any specific subdirectories you would like to allow access to,
http://sub.mydomain.com/test/.htaccess:
Order allow,deny
Allow from all
nachito
- 6,975
- 2
- 25
- 44
-
This is an untested assumption but you just need that second `.htaccess` in any subdirectory that is supposed to be web accessible – Matt Jun 04 '14 at 15:08
-
Doesn't work for me - adding .htaccess with "Allow from all" in a subdir still requires a password for it. – Paul Feakins Jun 11 '21 at 16:14
-
However, adding "Satisfy Any" in addition to the above did fix it. – Paul Feakins Jun 11 '21 at 16:58
9
How about a .htaccess at the root directory, with the following lines?
RewriteEngine On
# check if request is for subdomain
RewriteCond %{HTTP_HOST} ^sub.mydomain.com$ [NC]
# check if 'test' isnt part of request
RewriteCond %{REQUEST_URI} !^/test/?(.*)$ [NC]
# if subdomain and no 'test' part, redirect to main domain...
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R,L]
So if the '/test/' section is present, no redirect takes place...
SW4
- 69,876
- 20
- 132
- 137
-
Looks pretty interesting. I have to admit, i'm not realy familiar with mod_rewrite. So I have absolutely no clue what [NC] and [R,L] stands for... – V-Light Oct 05 '11 at 07:38
-
3NC means case insensitive, R = redirect, L = last (stop applying rules from htaccess after this) – SW4 Oct 05 '11 at 08:57
1
I know this is a very old thread, but I've been struceling with exactly this scenario for several days and finally got it to work, thus I thought I'd share my solution for further reference.
As of Apache version 2.4 (I guess), it's possible to use directive <RequireAll> and <RequireAny>.
This can be used to allow access to specific subfolders.
My solution for .htaccess (inspired from this site: https://www.the-art-of-web.com/system/apache-authorization/):
SetEnvIf REQUEST_URI "^/test/.*" PUBLICACCESS
# Use for multiple subfolders:
# SetEnvIf REQUEST_URI "^/(?:test|test2|test3|test4)/.*" PUBLICACCESS
<RequireAny>
<RequireAll>
# Public access
Require env PUBLICACCESS
Require all granted
</RequireAll>
<RequireAll>
# Require user and password
AuthType Basic
AuthName "Secured"
AuthUserFile /var/www/example.com/.htpasswd
Require valid-user
</RequireAll>
</RequireAny>
David SN
- 31
- 2
1
I'm using a cpanel powered server which will add .htaccess entries like the following:
#----------------------------------------------------------------cp:ppd
# Section managed by cPanel: Password Protected Directories -cp:ppd
# - Do not edit this section of the htaccess file! -cp:ppd
#----------------------------------------------------------------cp:ppd
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/****/.htpasswds/sites/****/passwd"
Require valid-user
#----------------------------------------------------------------cp:ppd
# End section managed by cPanel: Password Protected Directories -cp:ppd
#----------------------------------------------------------------cp:ppd
I wanted to allow access to a specific subfolder, and the solution was creating an .htaccess file within that subfolder and placing the following inside:
Satisfy any
Ryan Hartman
- 196
- 1
- 8
1
Try create .htaccess file in sub.mydomain.com for deny, and in sub.mydomain.com/test for allow.
Or you can redirect from http://sub.mydomain.com/ to deny subdir.
radeklos
- 2,168
- 21
- 19
0
If you have protected your DocumentRoot by Auth, then you can allow your Subfolder by follow:
http://sub.mydomain.com/test/.htaccess:
require all granted
Order allow,deny
Allow from all
pino
- 136
- 6