Below is my VHost (which is slightly modified to obscure some URLS):
1 NameVirtualHost 192.168.1.49:80 2 3 <VirtualHost 192.168.1.49:80> 4 ServerName internal-name.local 5 ServerAlias *.internal-name.local external-domain.co.uk *.external-domain.co.uk 6 7 <Directory "/var/www/html"> 8 AllowOverride All 9 10 Order deny,allow 11 Deny from all 12 13 AuthName "Restricted Development Server" 14 AuthUserFile /var/www/html/.htpasswd 15 AuthType Basic 16 Require valid-user 17 18 Allow From 192.168.1. 19 20 Satisfy Any 21 </Directory> 22 23 <Location /open-path > 24 Order Allow,Deny 25 Allow From All 26 Deny From None 27 </Location> 28 29 LogLevel debug 30 VirtualDocumentRoot /var/www/html/%1/ 31 </VirtualHost>
Everything is working fine - every sub-domain gets its own folder within /var/www/html. Any requests from 192.168.1.x (via an internal domain map) can view the site without password prompts. Any requests from external IP's (via external-domain.co.uk) will be prompted for a password.
The problem I am having is getting that last "location" rule to work.
Nothing I do (be it .htaccess or vhost level) using or will disable the password protection for the "/open-path" URL.
In actual fact - each site on this server is running Drupal which uses a URL Rewrite in the .htaccess which maps all non-files onto "?q="... So: http://domain/foo/bar maps to: http://domain/index.php?q=foo/bar
I dont think that should effect this though, should it?
The reason I point it out is that "/open-path/callback" is required to be open for a 3rd party API to "ping" the site. I need to test this callback is working before pushing to live, however I don't want to unveil the entire site from password protection.
I've tried setting the Location to "/index.php?q=open-path", that's not worked either.
Any suggestion would be GREATLY appreciated!