Skip to main content

htaccess allow specific path [Resolved]

Currently htaccess is denying all users. I want to only allow the JSON feed from wordpress to be accessible by all users

From the htaccess file's location, the feed url is:

./row/wordpress/wp-json/wp/v2/screen

Question

From what I understand, this is a "virtual" url created by rewrite rules. Since it's not an actual file and just an endpoint, how do I allow any user to access it?

Current Attempt

Here is my current attempt which blocks all users without a password. My Files node does nothing.

// root folder's .htaccess

AuthUserFile /var/www/domains/dev/.htpasswd
AuthType Basic
AuthName "Password Required"
Require user SecretUser
Order Deny,Allow
Deny from All


    Allow from all


Satisfy Any       

Question

How can I get the virtual path of ./row/wordpress/wp-json/wp/v2/screen to be viewable my all visitors?

** edit **

I've since tried both


    Allow from All



    Allow from All

With no success, they both cause a 501


Question Credit: Jacksonkr
Question Reference
Asked July 21, 2019
Posted Under: Network
22 views
2 Answers

Due to the nature of the virtual path (created by wordpress) I had to use THE_REQUEST instead:

<If "%{THE_REQUEST} =~ m#^GET /sites/dawna/wordpress/wp-json/#">
        Allow from All
        Satisfy Any
</If>

The wordpress redirect uses wordpress/index.php so using the REQUEST_URI wasn't working because the uri is always /path/to/wordpress/index.php making the my if statement useless.

NOTE

If you need to support PUT's or other you'll have to add that in. [A-Z]{3} or [A-Z]{3-6} where the latter will open up to everything.


credit: Jacksonkr
Answered July 21, 2019

Here are two different approaches to allow a single url, whether it refers to physical file or not, to bypass basic password authentication:

Option 1: Allow a single URL through the password protection:

AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/domains/dev/.htpasswd
Require expr %{REQUEST_URI} == '/row/wordpress/wp-json/wp/v2/screen'
Require user SecretUser

Option 2: Apply password protection to all requests that don't match a specific URL (this option requires Apache 2.4):

<If "%{REQUEST_URI} != '/row/wordpress/wp-json/wp/v2/screen'">
    AuthType Basic
    AuthName "Password Required"
    AuthUserFile /var/www/domains/dev/.htpasswd
    Require user SecretUser
</If>

credit: PeterA
Answered July 21, 2019
Your Answer
D:\Adnan\Candoerz\CandoProject\vQA