htaccess exclude one url from Basic Auth

Question

I need to exclude one Url (or even better one prefix) from normal htaccess Basic Auth protection. Something like /callbacks/myBank or /callbacks/.*

Answer 1

I tried the other solutions but this is what worked for me. Hopefully it will be of help to others.

# Auth stuff
AuthName "Authorized personnel only."
AuthType Basic
AuthUserFile /path/to/your/htpasswd/file

SetEnvIf Request_URI "^/index.php/api/*" allow
Order allow,deny
Require valid-user
Allow from env=allow
Deny from env=!allow
Satisfy any

This will allow the api url and any url string after /index.php/api/ to open without having to login and anything else will be prompted to login.

Example:

mywebsite.com/index.php/api will open without being prompted to login mywebsite.com/index.php/api/soap/?wsdl=1 will open without being prompted to login mywebsite.com will be prompted to login first