apache.htaccessbasic-authentication.htpasswd

htaccess exclude multiple url from Basic Auth


Hi i need to protect my app during the testing phase.

I read this post about excluding one url from Basic Auth

But i'd like to exclude 2 urls :

/api/*

/oauth/v2/token

So the entire app will be protected except for those two urls, that will be public. Otherwise i can't access my api routes.

My .htaccess for now is :

# Protect the app with password
AuthUserFile /home/master/public_html/web/.htpasswd
AuthName "Protected"
AuthType Basic
Require valid-user

So i'm guessing i should need some sort or regex in :

SetEnvIf Request_URI ^/api/ noauth=1

How can i have like a OR condition?


Solution

  • Try :

    SetEnvIf Request_URI ^/(api/|oauth/V2/token) noauth=1
    

    You can exclude multiple URIs. Just seperate them using the pipe symbol |.