Basic Auth not excluding urls

[Frank Cuzziod]

Hi. I need to setup Apache Basic Auth to ask usr/password in all pages of my website, and exclude some of them.

I've done this in several ways that Apache accepts (methods 1 through 3) and, in Apache, they're working flawlessly.

Now, when I upload the same .htaccess to my hosting provider (Banahosting.com), their LiteSpeed server is blocking all pages, it's ignoring completely the directives to exclude those specific pages.

The .htaccess file is in the directory I would like the access restrictions to be applied, and contains this (right now METHOD 1 is active, all other commented out, but in Apache they work OK):

---------------------------------------------------------------

AuthType Basic
AuthName "Login"
AuthUserFile "security/.htpasswd"

# METHOD 1
SetEnvIf Request_URI ^/private/(page.php|ajax/.*) noauth=1

<RequireAny>
    Require env noauth
    Require env REDIRECT_noauth
    Require valid-user
</RequireAny>

# METHOD 2
#Require expr %{REQUEST_URI} = m#^/private/page.php#
#Require expr %{REQUEST_URI} = m#^/private/ajax/.*#
#Require valid-user

# METHOD 3
#Require expr %{REQUEST_URI} in {'/private/page.php', '/private/ajax/res1.php', '/private/ajax/res2.php'}
#Require valid-user

---------------------------------------------------------------

Do you support any synthax to tell LiteSpeed to "accept" those urls?

 

[mistwang]

Currently "Require env" and "Require expr" are not supported. We will add that to our to-do list.

 

[Frank Cuzziod]

Oh, so... is there any way to exclude urls off basic auth? by using some other directive?

 

[mistwang]

in the directory need to be excluded add

Allow from all
Satisfy any

to the .htaccess. see if it works or not.

 

[Frank Cuzziod]

Yes, it works, in fact I used this in directories that had some files to be excluded:

<FilesMatch "file-a|file-b">
    Order allow,deny
    Allow from all
    Satisfy any
</FilesMatch>

Thanks.

Now I really need to setup AuthUserFile for several different environments.

It would be awesome if I could use the <If> directive, but it's not available, right? Is there a list of directives available for LiteSpeed so I can work my way around?

Thanks again mistwang!

 

[sofatime]

Currently "Require env" and "Require expr" are not supported. We will add that to our to-do list.

Is "Require expr" supported now? I tried to use it, but was not successful.

Thanks

 

[data303]

I tested it with lsws 5.2.8 and it seems still not to be supported.
@lsws support staff are there any plans that the feature "Require env xxx" will be added?

<RequireAny>
   Require env noauth
   Require env REDIRECT_noauth
   Require valid-user
</RequireAny>

 

[mistwang]

support for those directive will be considered after 5.3 being released.