{"id":1952,"date":"2019-11-05T22:07:05","date_gmt":"2019-11-05T13:07:05","guid":{"rendered":"https:\/\/kahoo.blog\/?p=1952"},"modified":"2020-10-26T17:25:21","modified_gmt":"2020-10-26T08:25:21","slug":"apache2-4-if-directive-slash-code","status":"publish","type":"post","link":"https:\/\/kahoo.blog\/en\/apache2-4-if-directive-slash-code\/","title":{"rendered":"[Apache2.4] How to use slash in IF directive of .htaccess"},"content":{"rendered":"<h1>[Apache2.4] How to use slash in IF directive of .htaccess<\/h1>\n<p><strong>\u300cI want to apply BASIC authentication only in a specific environment with .htaccess\u300d<br \/>\n\u300cI want to use BASIC authentication only for complex request URIs with .htaccess\u300d<\/strong><\/p>\n<p>Hello, I&#8217;m taka.<\/p>\n<p><code>.htaccess<\/code> is useful.<\/p>\n<p><code>.htaccess<\/code> is indispensable when customizing various web applications, but <strong>it&#8217;s hard to remember the writing rules!!<\/strong><\/p>\n<p>Because of its unique description rules, I feel uneasy when implementing it even if I remember it.<\/p>\n<p>In the meantime, with Apache 2.4, it became possible to perform finer control, and there was a little touching code, so I will introduce it.<\/p>\n<h2>Apply BASIC authentication for each environment<\/h2>\n<p>Starting with Apache 2.4, the If directive can be used, allowing finer control.<\/p>\n<p>For example, when you want to apply <strong>BASIC authentication only in the development environment<\/strong>, describe as follows.<\/p>\n<pre><code class=\"config\">&lt;If \"%{HTTP_HOST} == 'dev.example.com'\"&gt;\n    AuthUserFile \/path\/to\/your\/.htpasswd\n    AuthGroupFile \/dev\/null\n    AuthName \"Basic Auth\"\n    AuthType Basic\n    Require valid-user\n&lt;\/If&gt;\n<\/code><\/pre>\n<p>It&#8217;s intuitive and easy to understand. This is a common usage.<\/p>\n<h2>Apply BASIC authentication only for specific request URIs<\/h2>\n<p>This was the code that impressed me<\/p>\n<p>As mentioned above, it was fairly easy if the process was controlled by the HOST name.<br \/>\nSometimes you want to apply <strong>BASIC authentication by request URI<\/strong>.<\/p>\n<p>For example, when you want to apply BASIC authentication only to an administrative URI like <code>\/admin\/xxxxx<\/code>.<\/p>\n<p>In such a case, the URI is described with a regular expression to support all admin and below.<\/p>\n<p>At this time, the regular expression pattern itself in <code>.htaccess<\/code> is surrounded by slashes, so it is a problem when writing the slashes themselves.<\/p>\n<p>So, in general, escape is escaped with a backslash, so it is written as follows.<\/p>\n<pre><code class=\"config\">&lt;If \"%{REQUEST_URI} =~ \/\\\/admin\\\/.*\/\"&gt;\n<\/code><\/pre>\n<p>This is NG.<\/p>\n<p>I&#8217;m afraid of <code>500: Internal Server Error<\/code>.<\/p>\n<p>Then, what to do is described as follows.<\/p>\n<pre><code class=\"config\">&lt;If \"%{REQUEST_URI} =~ \/\\x2Fadmin\\x2F.*\/\"&gt;\n<\/code><\/pre>\n<p>The slash is represented by <code>\\x2F<\/code>.<\/p>\n<p>I didn&#8217;t know this.<\/p>\n<h2>Bonus: Apply BASIC authentication by combining conditions<\/h2>\n<p>If directives can be used in any combination of conditions.<\/p>\n<p>So,<br \/>\n<strong>BASIC certification is required for all development environments.<br \/>\nIn a production environment, BASIC authentication is applied only to management URIs.<\/strong><br \/>\nConditions like this are also possible.<\/p>\n<p>For example, the description is as follows.<\/p>\n<pre><code class=\"config\">&lt;If \"%{HTTP_HOST} == 'dev.example.com'\"&gt;\n    AuthUserFile \/path\/to\/your\/.htpasswd\n    AuthGroupFile \/dev\/null\n    AuthName \"Basic Auth\"\n    AuthType Basic\n    Require valid-user\n&lt;\/If&gt;\n\n&lt;If \"%{HTTP_HOST} == 'www.example.com' &amp;&amp; %{REQUEST_URI} =~ \/\\x2Fadmin\\x2F.*\/\" &gt;\n    AuthUserFile \/path\/to\/your\/.htpasswd\n    AuthGroupFile \/dev\/null\n    AuthName \"Basic Auth\"\n    AuthType Basic\n    Require valid-user\n&lt;\/If&gt;\n<\/code><\/pre>\n<p>It&#8217;s convenient.<\/p>\n<h2>Summary<\/h2>\n<p>When Apache 2.2 was installed, if <code>.htaccess<\/code> was installed in a specific directory, BASIC authentication could be applied to the directory below it.<br \/>\nRecently, both WordPress and PHP frameworks collected requests with <code>.htaccess<\/code> and routed them, so the directory itself did not exist, so it was not possible to write Apache 2.2.<\/p>\n<p>So such a problem occurred.<\/p>\n<p>Thank you for reading.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[Apache2.4] How to use slash in IF directive of .htaccess \u300cI want to apply BASIC authentication only in a spec &#8230; <\/p>\n","protected":false},"author":1,"featured_media":1956,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_locale":"en_US","_original_post":"1924","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[31],"tags":[],"post_folder":[],"class_list":{"0":"post-1952","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-programming","8":"en-US","9":"entry"},"acf":[],"jetpack_featured_media_url":"https:\/\/kahoo.blog\/wp-content\/uploads\/img_5dc174b4bb003.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paV22D-vu","_links":{"self":[{"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/posts\/1952","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/comments?post=1952"}],"version-history":[{"count":5,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/posts\/1952\/revisions"}],"predecessor-version":[{"id":1958,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/posts\/1952\/revisions\/1958"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/media\/1956"}],"wp:attachment":[{"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/media?parent=1952"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/categories?post=1952"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/tags?post=1952"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/kahoo.blog\/wp-json\/wp\/v2\/post_folder?post=1952"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}