Apache locationmatch negative regex

apache-2.2regex

I'm trying to expose a location through Apache. Normally, I have this block in my vhost that says

<Location />
    AuthType Basic
    AuthUserFile /web/.htpasswd
    AuthName "Test Site"
    Require valid-user
</Location>

This works just fine – everything served up requires a valid user. Now I want to expose a service that doesn't require authentication so I'm looking for a way to make all locations except for /services require authentication. I've been playing with LocationMatch, but I'm not entirely clear on what it's doing.

<LocationMatch ^/(?!services)[^.]*$>
AuthType Basic
...
</LocationMatch>

Allows /services and everything beneath it to skip the LocationMatch, but it has the side-effect of allowing example.com/.somefile to bypass the LocationMatch block.

Additionally, when I tried

<LocationMatch ^/(?!services)>
AuthType Basic
...
</LocationMatch>

everything (including /services) is matched by the LocationMatch.

I'd appreciate if someone could tell me what the [^.]* class does that the second test doesn't and how to expose only /services while keeping all other paths under authentication.

Best Answer

This page by Antonio Lorusso suggests the following to exclude folders from apache authentication:

<Location "/">
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /var/www/clients/client12/web17/passwd
AuthGroupFile /dev/null
Require valid-user
SetEnvIf Request_URI "^/(admin|skin|js|index)(.*)$" allow
SetEnvIf Request_URI "^/favicon.ico$" allow
Order allow,deny
Allow from env=allow
Satisfy Any
</Location>

In this case URLs starting with /admin, /skin, /js or /index will be ignored by auth.

The key part of this section for you is:

SetEnvIf Request_URI "^/(admin|skin|js|index)(.*)$" allow

In your case the appropriate code would be:

SetEnvIf Request_URI "^/services(.*)$" allow

_

Related Topic