I want password protection for the site just webservice URL stay allow all.
This expression work perfectly in apache, just need turn opposite.
<LocationMatch "^(.*service).*$">
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /storage/www/xxxxx/.htpasswd
Require valid-user
</LocationMatch>
I try many many form, but doesn't work. I tried this and work perfectly in reguler tester just not in apache (2.2)
<LocationMatch "^(?!.*service).*$">
How can negate that expression?
.htaccess content if matter.
RewriteEngine on
RewriteBase /
# ....
RewriteRule txxxx/(.*) index.php?config=main_lite&r=script/xxx/deliverData&url=$1
# rule 1 -- let these requests pass through (S=1 skips the next rule)
RewriteCond %{REQUEST_FILENAME} favicon.(gif|ico) [NC,OR]
RewriteCond %{REQUEST_FILENAME} .+\.(pdf|js|css|txt|jpg|jpeg|gif|png|bmp|ico|swf|html|log|svg|ttf|eot|woff|woff2)$ [OR]
RewriteCond %{REQUEST_URI} rsc/ [OR]
RewriteCond %{REQUEST_URI} index.php$
RewriteRule (.*) - [S=1]
# rule 2 - pass every request to index.php
RewriteRule .* index.php
It seems Apache regexp support is too limited..
However, you easily may "negate" your expression by defining all you want for it in an enclosing clause (say, "Location") and then reverting to the 'default' settings under your (non-negated) LocationMatch.
Something like this: https://serverfault.com/questions/591591/apache-locationmatch-regex-behaviour-does-not-seem-correct