Apache server allows you to setup basic authentication for folders and directories on your website. But sometimes you may need to exclude certain folders and directories from authentication. Here is how to exclude directory from auth in Apache server.
How to Exclude Directory from Auth in Apache
Here are the steps to exclude directory from Auth in Apache server. There are two ways to do this – using Virtual Host and using .htaccess. We will look at both these methods. We have assumed that your .htpasswd file is located at /etc/apache2/.htpasswd
1. Exclude Folder Using Virtual Host
Let us say virtual host configuration file for your domain example.com is located at /etc/apache2/sites-enabled/example.conf. Open it using text editor.
$ sudo vi /etc/apache2/sites-enabled/example.conf
If you don’t have a virtual host configuration file, you can also use the default virtual host configuration file.
$ sudo vi /etc/apache2/sites-enabled/000-default.conf
Let us say you have the following VirtualHost tag in it. Following is the default configuration used by most websites with document root at /var/www/html.
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
...
</VirtualHost>
Also read : How to Exclude Folder from Rewrite Rules in Apache
Let us say you want to password protect folder /var/www/html/folder1, then add the following Directory tag to your Virtual host file
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html/folder1">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
</VirtualHost>
Let us say you want to exclude folder /var/www/html/folder1/folder2, in that case add another Directory tag in your Virtual Host file for this folder.
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory "/var/www/html/folder1">
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>
<Directory "/var/www/html/folder1/folder2">
Order Deny,Allow
Allow from all
Satisfy any
</Directory>
</VirtualHost>
In the above configuration, the first directory tag enables password authentication for /var/www/html/folder1 and the second directory tag allows access from all to folder /var/www/html/folder2. Please update the folder locations above as per your requirement.
Also read : How to Check Number of Concurrent Connections in Apache
2. Exclude folder using .htaccess
You can also exclude directory using .htaccess file. Open .htaccess file in a text editor
$ sudo vi /var/www/html/.htaccess
Add the following lines to it.
AuthType BasicAuthName "Please login."AuthUserFile "/etc/apache2/.htpasswd"Require expr %{REQUEST_URI} =~ m#^/folder1/folder2/.*#Require valid-user
The first 3 lines above enable password authentication for your website while line 4 adds a condition that all URLs which require authentication must not begin with /folder1/folder2 thereby excluding /var/www/html/folder1/folder2 directory. If you want to enable password authentication for a specific folder (e.g. /var/www/html/folder1) then add the above lines in the .htaccess file in that directory (e.g. /var/www/html/folder1/.htaccess).
If you use Apache <2.4, you can also use SetEnvIfNoCase directive to identify excluded URLs and allow access using the following code.
SetEnvIfNoCase Request_URI "^/folder1/folder2" noauth AuthType Basic AuthName "Identify yourself" AuthUserFile /etc/apache2/.htpasswd Require valid-user Order Deny,Allow Deny from all Allow from env=noauth Satisfy any
In this case, we tag all URLs starting with /folder1/folder2 as noauth, and allow access to those URLs without password authentication.
In this article, we have learnt how to exclude folders & directories from password authentication in Apache server.
Also read : How to Generate Subdomains on the fly in PHP