问题
Hi i need to protect my app during the testing phase.
I read this post about excluding one url from Basic Auth
But i'd like to exclude 2 urls :
/api/*
/oauth/v2/token
So the entire app will be protected except for those two urls, that will be public. Otherwise i can't access my api routes.
My .htaccess for now is :
# Protect the app with password
AuthUserFile /home/master/public_html/web/.htpasswd
AuthName "Protected"
AuthType Basic
Require valid-user
So i'm guessing i should need some sort or regex in :
SetEnvIf Request_URI ^/api/ noauth=1
How can i have like a OR condition?
回答1:
Try :
SetEnvIf Request_URI ^/(api/|oauth/V2/token) noauth=1
You can exclude uris, just seperate them using a bar |
回答2:
You can wrap Require inside another directive, like Directory or Location
<Location /api/>
Require all granted
</Location>
<Location /oauth/v2/token>
Require all granted
</Location>
Not asked, but Getting it working says about .htpasswd
This file should be placed somewhere not accessible from the web. This is so that folks cannot download the password file.
So you shouldn't put .htpasswd inside public_html.
来源:https://stackoverflow.com/questions/37642776/htaccess-exclude-multiple-url-from-basic-auth