disable server authentification for certain files and URLs

#1
What is required is having a User Authentication of Subdirectory but some file need to be accessible :
1/Login required for the folder /protecteddata/ (this part is done following these instructions: https://openlitespeed.org/kb/user-authentication-through-realms/)

2/Allow external access to the files:
publiccontent.php
publiccontent.js
public.php
public.js
plugins/CorePlugin/javascripts/optOut.js
js/container_*.js
plugins/Session/configs.php

3/Allow external access to the URL:
index.php?module=CorePlugin&action=optOut

How can we achieve this in OpenliteSpeed. I've been trying many things all day without success, while it's pretty straight forward in Apache or Nginx.
I am missing something?

==================================================================================
in APACHE,
the "Require all granted" using "FilesMatch" disable the authentification for certain files and URL

<Files "*">
AuthType Basic
AuthName "Authentication Required"
# to be explicit, state the provider
AuthBasicProvider file
AuthUserFile "/etc/httpd/.htpasswd"
Require valid-user
</Files>

# Allow external access to public.php and public.js and publiccontent.js and robots.txt
<FilesMatch "(^public\.(php|js)|^publiccontent\.(php|js)|container_.*\.js|robots\.txt|optOut.js)">
Require all granted
</FilesMatch>

<FilesMatch "(^plugins\/Session\/configs\.php)">
Require all granted
</FilesMatch>

# Allow Opt-Out
<Files "index.php">
<If "(%{QUERY_STRING} =~ /^module\=CorePlugin\&action\=optOut/)">
Require all granted
</If>
</Files>
==================================================================================
in NGINX,
the "off" disable the authentification for certain files and URL with:

map $request_uri $auth_basic {
default "Restricted Area";
~*^/public\.(js|php)|publiccontent\.(js|php)|container_.*\.js|robots\.txt$ off;
~*^/index\.php\?module=CorePlugin&action=optOut$ off;
~*^plugins\/Session\/configs\.php$ off;

}


.....
auth_basic $auth_basic;
auth_basic_user_file /path/to/my/basic_auth_file;
.....
 

Cold-Egg

Administrator
#2
If you use the context + realm method, then three more extra contexts are needed in your case.
Code:
~*^/public\.(js|php)|publiccontent\.(js|php)|container_.*\.js|robots\.txt$ off;
~*^/index\.php\?module=CorePlugin&action=optOut$ off;
~*^plugins\/Session\/configs\.php$ off;
 
Top