what sort of server-side authentication. Thats sort of an important detail.
Hi whooami,
it’s apache authentication (where the username & password dialog box pops up)
it’s apache authentication (where the username & password dialog box pops up)
otherwise known as mod_auth 🙂
if you have your entire public_html/ or similar behind that its going to be a tough cookie to crack. I dont believe theres a way to exclude directories, but you might want to google a bit.
the other thing you might be able to do, if your current set up allows for it, is to move your feed url out of the path of whatever dirs your protecting. Thats probably only going to work though if you have wp installed ina sub directory, and even then it might take a bit of work.
The easiest thing, though, to do is to remove the htpasswd crapola all together, but you probably already know this 🙂
Thanx whooami, thought this might be a tough one! If I find a solution I’ll be sure to post it up here.
Thanks again,
Mik.
I figured out a way to do this. I used Apache mod_rerwrite to see if the user is requesting the RSS feed (the query string in the URL) and if so set an environment variable. Then your “allow from” statement allows the user access if the variable is set. The “satisfy any” would be important to allow a password or the variable.
RewriteEngine on
RewriteCond %{QUERY_STRING} ^feed=rss2$
RewriteRule ^(.*)$ $1 [E=rss:yes]
<Location "/secretblog/">
Order allow,deny
Allow from env=rss
AuthType Basic
AuthName "Ask Me for the password"
AuthUserFile /etc/apache2/users
Require valid-user
Satisfy any
</Location>
—
http://www.runningunix.com
