Using htaccess to grant access to index file when user requests directory URL

.htaccess apache-2.2

I would like to use htaccess to allow access to the index file plus a few others in a directory (index.php) but require a user/pass for everything else in the directory. Right now I have:

AuthName "SomeServer"
AuthUserFile /path/to/.htpasswd
AuthGroupFile /dev/null
Require valid-user
AuthType Basic
# Anchored, with the dot escaped, so only the exact names index.php and login.php are exempt
<FilesMatch "^(index|login)\.php$">
    Allow from all
    Satisfy any
</FilesMatch>

This allows users to access index.php and login.php and denies the rest of the directory. However, whenever a user requests the directory without the index.php in the URL like:

http://www.example.com/dir

The user is prompted to log in. However, if the user goes here:

http://www.example.com/dir/index.php

Then index.php is displayed without a login prompt.

What do I need to change to allow the user to go to http://www.example.com/dir and be directed to http://www.example.com/dir/index.php without prompting for a login while still requiring a login for anything else in the directory?

Update: not sure it matters, but I switched the authentication to use mod_auth_mysql. Still using the same section of my htaccess file and still facing the same problem.

Best Answer

You could try something like the following:

<VirtualHost *:80>
    ServerName localhost
    DocumentRoot /vhosts/default

    DirectoryIndex index.php

    <Directory /vhosts/default>
        Options -Indexes
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    <Location ~ ^/dir/(index|login)\.php$>
        Allow from all
        Satisfy any
    </Location>

    <Location ~ ^/dir/?$>
        Allow from all
        Satisfy any
    </Location>
</VirtualHost>

Make some basic tests:

# curl -I http://localhost/
HTTP/1.1 401 Authorization Required
Date: Fri, 19 Feb 2016 10:03:38 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Basic realm="SomeServer"
Content-Type: text/html; charset=iso-8859-1

# curl -I http://localhost/index.php
HTTP/1.1 401 Authorization Required
Date: Fri, 19 Feb 2016 10:03:43 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Basic realm="SomeServer"
Content-Type: text/html; charset=iso-8859-1


# curl -I http://localhost/dir/index.php
HTTP/1.1 200 OK
Date: Fri, 19 Feb 2016 10:03:49 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.16
Content-Type: text/html; charset=UTF-8


# curl -I http://localhost/dir/
HTTP/1.1 200 OK
Date: Fri, 19 Feb 2016 10:03:52 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.6.16
Content-Type: text/html; charset=UTF-8


# curl -I http://localhost/dir/some_file.php
HTTP/1.1 401 Authorization Required
Date: Fri, 19 Feb 2016 10:04:07 GMT
Server: Apache/2.2.15 (CentOS)
WWW-Authenticate: Basic realm="SomeServer"
Content-Type: text/html; charset=iso-8859-1

# curl -I http://localhost/dir
HTTP/1.1 301 Moved Permanently
Date: Fri, 19 Feb 2016 10:04:14 GMT
Server: Apache/2.2.15 (CentOS)
Location: http://localhost/dir/
Content-Type: text/html; charset=iso-8859-1
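
The curl checks above can be kept as a repeatable test of the access policy. The script below is an added example, not part of the original answer: it requests each path without credentials and compares the status with the expected one. The first six rows are the answer's own results; the last two paths and the names `fetch_status`, `check_policy` and `BASE_URL` are assumptions made here.

```shell
#!/bin/sh
# Added example: unauthenticated access-policy check for the /dir setup above.
# Usage (assumed): BASE_URL=http://localhost sh check_policy.sh

# fetch_status BASE PATH: print the HTTP status of a HEAD request sent
# without credentials and without following redirects ("000" if no response).
fetch_status() {
    curl -s -o /dev/null -I --max-time 5 -w '%{http_code}' "$1$2"
}

# check_policy BASE [FETCHER]: compare each path's status with the expected
# one; returns 0 when all match, 1 otherwise. FETCHER defaults to fetch_status.
check_policy() {
    base=$1
    fetcher=${2:-fetch_status}
    fail=0
    # Rows 1-6 are the answer's results; the last two are constructed
    # near-miss file names that must stay behind the login.
    while read -r path want; do
        got=$("$fetcher" "$base" "$path") || true
        if [ "$got" = "$want" ]; then
            echo "ok    $path -> $got"
        else
            echo "FAIL  $path -> $got (expected $want)"
            fail=1
        fi
    done <<'EOF'
/ 401
/index.php 401
/dir 301
/dir/ 200
/dir/index.php 200
/dir/some_file.php 401
/dir/index.php.bak 401
/dir/myindex.php 401
EOF
    return "$fail"
}

# Run against a live server only when BASE_URL is set.
if [ -n "${BASE_URL:-}" ]; then
    check_policy "$BASE_URL" || exit 1
fi
```

A 200 on either of the last two rows means the exemption pattern matches more than the exact file names it was written for.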