- Word of the day: Ouch.
- I’m done with the cancer, but the cancer isn’t done with me
- Goodbye, my dopey dog.
- So long, Alex King
Polluting the internet since 2004
These two have always been questions in my mind but until recently I’ve never had the need to actually put time in to satisfying my curiosity and as I look around I haven’t (easily) found any real world examples of these out there.
So, we all know how to set up basic HTTP authentication, right? Good. Here we go…
Please re-read this post. It has been corrected for erroneous information!
You might have something like this in your
Now with just a few tweaks we can make less of a simple all or nothing wall between your users and the content and set some of it free.
So, you want to require a password to outsiders but you and your co-workers are getting tired of entering the username and password for every small visit needed to the site? If your office has a static IP address, allow it.
What we’re telling Apache is to allow access from the IP address and to Satisfy any of the access requirements. If Satisfy were set to all, access would require username, password and IP address matches to grant access.
Sometimes we need to poke holes in the wall to allow unfettered access to one resource or another. This is pretty straight forward.
First off, lets allow access to an entire directory. In the directory you want to open up, make a .htaccess file and add just this code:
We pretty much just tell Apache that anyone should be let in and all auth directives should be considered satisfied.
But maybe we don’t want to give full access to everything in that folder. Maybe its just one file. That can be done too. All we need to do is use the Apache
Files directive to provide a filename to allow access to.
Lastly, this can also be done for a series of files based on regex filename matching. This code allows access to images without requiring auth:
This is really just scratching the surface, but for a lot of day to day needs of projects in development that shouldn’t be opened up to the whole world these guys can go a long way to helping make life just a little bit easier.
Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.
Super tips. Thanks for looking in to this subject.
For me works specified deny-allow order, like:
AuthName “Halt! Who goes there?”
Deny from all
Allow from 192.168.0.0/16
tjn, May 5, 2013 5:59 am | permalink
When I tried “Allow from all”, Apache 2.2.15 gave an error: “allow not allowed here”. I tried “require none”, and that worked.
Tice easy tip on unprotecting a single directory, I was going the hard route. Thanks!
Wes, September 4, 2013 1:59 pm | permalink
The Satisfy directive is no available for Files. Only for Directory.
Remove that line and you will see that it behaves the same.
Razvan, May 5, 2014 7:02 am | permalink
[…] Simple, but handy .htaccess tricks Categories: Development Tags: class-infrastructure, day-needs, flesh-out-some, […]
July 11, 2009 | 12:15 am
[…] Simple, but handy .htaccess tricks […]
July 12, 2009 | 1:23 pm
[…] Simple, but handy .htaccess tricks | The Gippy Pages […]
July 14, 2009 | 6:02 pm
Comments are closed