Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Htaccess - Require Auth For Everywhere Except Whitelist

I have a site that is currently set to require basic authentication for everything. However this prevents the Lets encrypt automated process from working, so I needed to allow a specific route. Below is a configuration example that requires authentication for the entire site, except for anything underneath the public folder.

AuthName "Protected Directory"
AuthUserFile "/var/www/htpasswd"
AuthType Basic

RewriteEngine On

SetEnvIf REQUEST_URI "(/public)$" ALLOW

  Require env ALLOW
  Require valid-user

Everything is easy, once you know how.


Last updated: 13th February 2021
First published: 22nd January 2019