A user enters my website and arrives at the home page, he/she should always and only be at home page. All other files are scripts that are run by the homepage but the user should never navigate to them. So here's my directory layout:
They will arrive at Front.php and should always stay at Front. So I created an htaccess file that has this code:
DirectoryIndex Front.php index.html
AuthType Basic
AuthName "Login"
AuthUserFile /disks/*/*/*/.htpasswd
Require valid-user
Right now, EVERYTHING requires authentication. But I want everything except Front.php to require authentication. How can I exclude Front.php from the authentication?
Also, will this authentication prevent the scripts from running or does it just prevent the user from navigating TO the file via url?
You say you don't want to be able to enter other scripts, but you add authentication to it.
If you don't want to execute those scripts directly, it's better to move them out of the public_html folder, so they cannot be reached from outside at all. You will still be able to include/require them in front.php.
Admin scripts can easily be moved to a subdirectory on which you can add authentication from .htaccess. If you want to add authentication to some files, but not all, you can also choose to send the required headers from the PHP scripts.
You often see a check like this at the start of a file:
In the entry page (index.php, front.php, whatever), you can add this line:
This way, every file that is called directly will die and terminate immediately, but when it is included from front.php, the check succeeds and the file is included.
Try:
This uses the
Satisfy
directive and sets it toany
, meaning either theRequire valid-user
or theAllow
is good enough. The variablenorequire_auth
only gets set when the URI is/Front.php
. You can add additional whitelisted URI's if you want by including additionalSetEnvIfNoCase
directives.It won't prevent the scripts from running, if you include them via a
include
orrequire
. But if you directly link to them fromFront.php
's HTML content, the login dialog will pop up for Front.php.Use this ruleset:
Use this .htaccess content to prevent people from requesting anything but front.php:
Now only fron.php will be available to anyone accessing your apache.
BTW - as far as I know - you can force Apache to authenticate anything in particular directory but not not single files.