1
I have an application developed in Cakephp 2, but I believe that the issue does not have as much involvement with the framework itself, just citing to contextualize.
Being this private application, basically a webservice for data access with a mobile app, I restricted access using authentication basic HTTP of own Apache in the archive .htaccess.
There is the way physical for files/photos that I want free access, so I included this exception getting like this:
AuthType Basic
AuthName "Meu webservice"
AuthUserFile /foo/bar/.htpasswd
Require valid-user
SetEnvIf Request_URI "files/photos/" allow
Order allow,deny
Allow from env=allow
Satisfy any
Works perfectly, restricting all access to webservice with the exception of the given directory. Now I need to restrict a new access but this time it is not a URL pointing to a physical path but rather "virtual", since the framework (MVC-like) uses the mod_rewrite to rewrite the Urls.
Just adding the line below did not succeed, still requested user and password.
SetEnvIf Request_URI "users/confirmation/" allow
I don’t know if the problem is the fact of using the rewriting of Urls, but considering that one physical path I achieved success and the other not, I imagine it makes some sense my doubt.