basic auth for all pages except one

by moe   Last Updated July 12, 2019 12:00 PM - source

I have a wordpress page and want to add basic auth to the page, except for the wordpress rest api (url: localhost/wp-json/xyz)!

The main problem seems to be the redirect that happens in the standard .htaccess of wordpress. Because of that I dont have access to the original request uri.

Here an example: I added these lines to my virtualhost conf:

SetEnvIf Request_URI "(^.*$)" RURI=$1
CustomLog "logs/custom.log" "%U - %{RURI}e"

And the output when I visit localhost/wp-json will be:

/wp-json - /index.php

So the request_uri is always index.php, I would need the value that is in "%U", but how can I get that?

I also tried to add a location directive:

<Location ~ "^/(?!wp-json)">
    AuthType Basic
    AuthName "Restricted Files"
    # (Following line optional)
    AuthBasicProvider file
    AuthUserFile "C:\Users\moe\passwd"
    Require user user

But this is also not working...

I am using Apache/2.4.38

Anyone got an idea?

Related Questions

Apache 2.4 Redundant LDAP Authentication

Updated December 16, 2015 14:00 PM

Apache - LDAP basic auth checked but not required

Updated December 12, 2017 10:00 AM