Ben Holness Ben Holness - 2 years ago 299
Apache Configuration Question

Require valid user apache 2.2 to 2.4

I have the following config in my .htaccess file, which is working in apache 2.2 but not in 2.4:

SetEnvIf Request_URI ^/admin require_auth=true

AuthUserFile /var/www/site.htpasswd
AuthName "Admin Access"
AuthType Basic

Require all denied
Satisfy any
Require valid-user
Allow from env=!require_auth


How do I convert this to work in apache 2.4? Basically, if the URI starts with /admin then they should be asked for the password.

Thanks!

Answer Source

Just put this .htaccess in the folder you want to protect:

AuthUserFile /var/www/site/.htpasswd
AuthName "Admin Access"
AuthType Basic
require valid-user

From https://httpd.apache.org/docs/2.4/howto/auth.html

For example, if you wish to protect the directory /usr/local/apache/htdocs/secret, you can use the following directives, either placed in the file /usr/local/apache/htdocs/secret/.htaccess, or placed in httpd.conf inside a section.

But with the new If Directive we could do it from the root directory as well.

<If "'%{REQUEST_URI}' =~ m#/?admin(/.*)?#">
    AuthUserFile /var/www/site/.htpasswd
    AuthName "Admin Access"
    AuthType Basic
    require valid-user
</If>

I tested this positive on a Ubuntu 16.04.03 LTS Server with Apache 2.4.27

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download