Question How to except one URL from protected directories?

[TinaBura]

Hi,
I have a subdomain that should be entirely protected. I have setup protected directories in Plesk and it works. Now I need to except one URL from basic_auth. Additionally the URL has parameters. Example:

• https://subdomain.example.com - any URL should be protected
• https://subdomain.example.com/index.php?param1=val1&param2=val2
  - only this URL should be public (auth_basic off), the parameters are fixed, so it must be exact matching

This is needed for an API that uses the URL to get contents from the project. I cannot change the API, I can only "free up" the URL. Is it possible? The server uses nginx with Apache.
Thanks,
Tina

 

[Bitpalast]

This cannot be achieved by the built-in password-protected-directories function of Plesk. Instead, you need to create an .htpasswd file and an .htaccess file (or modify the existing .htaccess file in the document root directory of your subdomain) where you specifcy with environment variables what shall be protected and what not. It could look somewhat similar to this:

AuthName "Protected directory"
Require valid-user
AuthUserFile "/some-directory-for-the-password-file/.htpasswd"
AuthType basic
SetEnvIf Request_URI "(path/to/directory/)$" allow
SetEnvIf Request_URI "(path/to/file\.php)$"  allow
Order allow,deny
Allow from env=allow
Satisfy any

The SetEnvIf settings combined with "allow" exclude the given directories or files from the protection. You will also need to create the .htpasswd file with a user name and the encrypted password. For more details, please try a search engine search for keywords like ".htaccess password protected directories" or similar.