Apache2 Location directive and mod_rewrite

Server Fault Asked by Ben Holness on February 1, 2021

I have a website that is protected with basic authentication, except for one file, one folder, and one rewritten URL location.

It looks like this:


<Directory /var/www/mydomain.com>
  AuthType Basic
  AuthName "Authentication Required"
  AuthUserFile "/etc/htpasswd.mydomain"
  Require valid-user
  Options Indexes  FollowSymLinks
  AllowOverride All
</Directory>

<Location /manifest.webmanifest>
  Satisfy Any
  Allow from all
</Location>

<Location /icons/>
  Satisfy Any
  Allow from all
</Location>

<Location /receive>
  Satisfy Any
  Allow from all
</Location>

manifest.webmanifest and files in the /icons/ folder bypass the auth, but /receive doesn’t. The obvious difference is that receive isn’t an actual file – it gets rewritten to /index.php for rendering.

How can I make it bypass the auth for /receive?

EDIT: The rewrite happens in a .htaccess file:

RewriteEngine On

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME}.php !-f
RewriteRule ^(.*)$ index.php?AppRouting=$1 [QSA]

apache 2.4 http basic authentication mod rewrite

Add your own answers!

Ask a Question

Get help from others!

Recent Answers

Peter Machado on Why fry rice before boiling?
Joshua Engel on Why fry rice before boiling?
Lex on Does Google Analytics track 404 page responses as valid page views?
haakon.io on Why fry rice before boiling?
Jon Church on Why fry rice before boiling?