Apache2: Exclude all the rest api Request_URIs from Basic Auth by matching with some expressions

I have set up Basic Auth for an Opencart project for browser authentication to allow access to relevant users only. Now, I need to use a REST API for a mobile app. When I call an endpoint from the API to get some details from the Opencart project, it requires an access_token to be generated from the API, and by using that access_token with every request, I can get details from the API. The problem is the Basic Auth that I have set up for the project: because of it I cannot access the API, as I can only use 1 method to access the API, that is the GET method to get the details from Opencart; I cannot use 2 methods, i.e. Auth Header and GET methods. So, what I am trying to do is to disable Basic Auth if the Request_URI includes api calls.

What I have tried so far with the vhost of the project is the following, but none of this worked.

Got the idea from the following question's accepted answer, but it didn't work out for me.
https://stackoverflow.com/questions/8978080/htaccess-exclude-one-url-from-basic-auth?answertab=votes#tab-top

    <Directory /var/www/html/projectexample>
        AllowOverride All
        # Auth stuff
        AuthName "Authentication Required"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Order allow,deny
        Deny from all
        Satisfy any
        <RequireAny>
            <RequireAll>
                Require expr %{REQUEST_URI} =~ m#^/api/rest/.*#
            </RequireAll>
            Require valid-user
        </RequireAny>
    </Directory>

I have also tried to use a SetEnvIf environment variable like the following, but it didn't work out either.

    <Directory /var/www/html/projectexample>
        AllowOverride All
        # Auth stuff
        AuthName "Authentication Required"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        SetEnvIf Request_URI "^/api/*" allow=1
        #SetEnvIf Request_URI "^/(api/*)" allow=1
        Order allow,deny
        Require valid-user
        Allow from env=allow
        Deny from env!=allow
        Satisfy any
    </Directory>

Any solutions, please?

Tags: server 18.04 apache2 authentication .htaccess

asked Jan 6 at 0:53 by Haroon

2 Answers

Assuming /var/www/html/projectexample is your document root and /var/www/html/projectexample/api is the API directory you want to allow unrestricted access to, then you can just create two <Directory> containers. For example:

    <Directory /var/www/html/projectexample>
        AuthName "Authentication Required"
        AuthType Basic
        AuthUserFile /etc/apache2/.htpasswd
        Require valid-user
    </Directory>

    <Directory /var/www/html/projectexample/api>
        Require all granted
    </Directory>

The more specific /api <Directory> container overrides the former.

Assuming you are on Apache 2.4+, you should never mix old Apache 2.2 auth directives (Order allow,deny etc.) and the new <RequireAny> etc. directives. The old directives are available for backwards compatibility only. Mixing the two types of directives can result in unexpected conflicts.

answered Jan 19 at 23:03 by MrWhite

The solution which worked out for me because I have SEO URLs enabled in my project:

    <Directory /var/www/html/projectexample>
    AllowOverride All
    </Directory>
    <Location "/">
    # Default to Basic Auth protection for any site
    AuthType Basic
    AuthName "Authentication required"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
    # If the request goes to a rest page: bypass basic auth
    SetEnvIf Request_URI ^/api/ noauth=1
    Allow from env=REDIRECT_noauth
    Allow from env=noauth
    Order allow,deny
    Satisfy any
    Deny from env!=noauth
    </Location>

Allow from env=REDIRECT_noauth is doing the trick here for SEO URLs.

answered 1 hour ago by Haroon
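
The second answer's working configuration rewritten with Apache 2.4 authorization directives only, as the first answer advises. This is an added example, not code from either answer; it reuses the page's paths and the `noauth` variable name, and assumes mod_setenvif and mod_authz_core are loaded.

```apache
<Directory /var/www/html/projectexample>
    AllowOverride All
</Directory>

<Location "/">
    # Basic Auth is the default for every URL on the site.
    AuthType Basic
    AuthName "Authentication required"
    AuthUserFile /etc/apache2/.htpasswd

    # Mark API requests. The pattern is a regular expression, not a glob:
    # "^/api/" matches only paths below /api/, whereas "^/api/*" (from the
    # question) also matches /api-anything, because "/*" means "zero or more
    # slashes".
    SetEnvIf Request_URI "^/api/" noauth=1

    # Access is granted when ANY of these holds.
    # No Order / Allow / Deny / Satisfy lines are needed.
    <RequireAny>
        # Direct request to a path under /api/.
        Require env noauth
        # Same request after an internal rewrite (SEO URLs): Apache renames
        # variables set on the original request with a REDIRECT_ prefix.
        Require env REDIRECT_noauth
        # Everything else still needs a valid Basic Auth user.
        Require valid-user
    </RequireAny>
</Location>
```

After `apachectl configtest` and a reload, a request under /api/ should no longer get a 401 response, while any other path still should. Everything under /api/ is then protected only by the application's own access_token check.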