
Exclude rewrite directory from protection

We have a Magento installation. Because of dev purposes we have it closed with .htaccess protection. But I do want to open the API so I don't have to whitelist a bunch of 3rd party services.

The construction below does work for files that exist (api.php) but not for URLs that are rewritten (api, api/?wsdl).

This .htaccess is one dir above the public_html. Based on perishablepress

AuthType Basic
AuthName "Toegang nodig? neem gerust contact op: 038-8200270 !"
AuthUserFile /home/kijken/domains/.htpasswd
AuthGroupFile /dev/null
Require valid-user
# allow public access to the following resources
SetEnvIf Request_URI "^/api.php" allow
SetEnvIf Request_URI "^/api/" allow  #api is not a real folder
SetEnvIf Request_URI "^/api/?wsdl" allow

Order allow,deny
Allow from env=allow

Allow from 217.121.158.248 #Company HQ

Satisfy any

Magento with its .htaccess is in the public_html, mirror of the file

What do I need to change to make it work with non existing files?
I don't mind a different setup as long as the following 3 criteria are met:

  1. Whitelist IP (currently works)
  2. Login for other IPs (currently works)
  3. Exclude certain URLs (the root problem)
asked Dec 09 '25 17:12

janw


1 Answer

Looking at your setup and following your explanation, the easiest way of doing it would be to put your restriction code at the top of Magento htaccess (/public_html/.htaccess).

I've pasted it above the rest of the Magento .htaccess inside the public_html. Nothing changes about my question. The problems stay the same.

That's because Magento's htaccess erases your restriction. You need to delete those 2 lines:

[image: the two lines to delete]

Another detail
SetEnvIf Request_URI "^/api/?wsdl" allow is useless since:

  1. query string part (wsdl here) is not included in Request_URI (won't match what you expect)
  2. previous rule (SetEnvIf Request_URI "^/api/" allow) is larger and includes your useless one

Conclusion
Here's what your final code should look like

SetEnvIf Request_URI "^/api\.php$" allow
SetEnvIf Request_URI "^/api/" allow

AuthType Basic
AuthName "Toegang nodig? neem gerust contact op: 038-8200270 !"
AuthUserFile /home/kijken/domains/.htpasswd
AuthGroupFile /dev/null
Require valid-user
Order allow,deny
Allow from env=allow
Allow from 217.121.158.248
Satisfy any

# Magento htaccess code here

Tested and working

answered Dec 13 '25 06:12

Justin Iurman
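
The answer's two points about Request_URI can be checked with a short Python sketch (an added example, not part of the original answer): it matches the question's and the answer's SetEnvIf patterns against the path only, since Request_URI carries no query string, and reports which requests would skip Basic auth. Python's `re` stands in for Apache's regex engine, and the function names and sample request targets are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# SetEnvIf patterns copied from the question and from the answer's final config.
ORIGINAL = [r"^/api.php", r"^/api/", r"^/api/?wsdl"]
CORRECTED = [r"^/api\.php$", r"^/api/"]

def request_uri(target):
    """Path that SetEnvIf Request_URI is matched against (query string dropped)."""
    return urlsplit(target).path

def matching_patterns(target, patterns):
    """Patterns that would set the 'allow' variable for this request."""
    uri = request_uri(target)
    # SetEnvIf does an unanchored search unless the pattern anchors itself.
    return [p for p in patterns if re.search(p, uri)]

def is_exempt(target, patterns):
    """True when 'Allow from env=allow' + 'Satisfy any' would skip the login."""
    return bool(matching_patterns(target, patterns))

# Constructed sample request targets (hypothetical, not taken from real logs).
SAMPLES = [
    "/api.php",      # real file, meant to be public
    "/api/?wsdl",    # rewritten URL; only "/api/" reaches Request_URI
    "/apiwsdl",      # what "^/api/?wsdl" really matches: '/' is optional
    "/apixphp",      # unescaped '.' in "^/api.php" matches any character
    "/api.php.bak",  # no '$' anchor, so any suffix is exempt too
    "/admin/",       # must stay behind the login
]

def audit(samples=SAMPLES):
    """Return (target, exempt under ORIGINAL, exempt under CORRECTED) rows."""
    return [(t, is_exempt(t, ORIGINAL), is_exempt(t, CORRECTED)) for t in samples]

if __name__ == "__main__":
    for target, before, after in audit():
        print(f"{target:14} original={before!s:5} corrected={after}")
```

Rows where the two columns differ are paths the original patterns exempted from authentication unintentionally; the escaped, anchored `^/api\.php$` closes them.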