Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Htaccess - Require Auth For Everywhere Except Whitelist

I have a site that is currently set to require basic authentication for everything. However this prevents the Lets encrypt automated process from working, so I needed to allow a specific route. Below is a configuration example that requires authentication for the entire site, except for anything underneath the public folder.

AuthName "Protected Directory"
AuthUserFile "/var/www/htpasswd"
AuthType Basic

RewriteEngine On

SetEnvIf REQUEST_URI "(/public)$" ALLOW

<RequireAny>
  Require env ALLOW
  Require valid-user
</RequireAny>

Everything is easy, once you know how.

References

Last updated: 5th June 2024
First published: 22nd January 2019