.htaccess (1)
Apache (1)
WordPress (1)
authentication (1)

How do I require authentication for only one page in WordPress?

I want to require a user to authenticate only if he/she hits http://www.example.com/sample-page

You can do some .htaccess overrides with Satisfy.  For this to work you have to make sure that overrides are allowed in the Apache config for the directory the .htaccess file is operating on.  You don't need all overrides -- you can look at the Apache directives docs for which, or you can just specify Override All.  Anyway, here's what might go in the Apache config to force an LDAP authentication for hits to  a single page called sample-page:

# sets ENV if request is for /sample-page
SetEnvIf REQUEST_URI ^/sample-page require_auth

# Auth stuff
AuthName "Example Company Authentication"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative off
AuthLDAPURL "ldap://ldap.example.com/o=example?cn??(objectclass=Person)"

# Set deny/allow order
Order Deny,Allow
# Deny from everyone
Deny from all
# EXCEPT if either of the following conditions is true
Satisfy Any
# 1. the "require_auth" var is not set
# 2. a valid authenticated user
Allow from env=!require_auth
Require valid-user

FIRST: I had a case where Request_URI needed to be REQUEST_URI

SECOND: I have a case of RHEL 5 and Apache 2.2.3 where this:
Allow from env=!require_auth
does not work (the negation is ignored)
For this, I had to change the above to mimic a negation and then not use it in Allow from.  The relevant lines:
SetEnvIf REQUEST_URI "^/httest" require_auth=0
SetEnvIf REQUEST_URI "^/httest/sample_page" require_auth=1
SetEnvIf require_auth 0 pass_it_thru
Allow from env=pass_it_thru


Add a Comment

NOTE: Comments are moderated and will not show until approved.