.htpasswd for Admin Page with API allow?
could you please formulate a complete question?
- Admin Page …/cockpit/.htpasswd Pass work
- Api Get …/cockpit(.htpasswd)/api/collection/… dont work (js fetch undefined)
I still don’t get it, sorry
I guess, @StasSav wants to protect the root folder with
.htpasswd to have a second layer of security, while keeping the api calls publicly available without entering a user name and a password.
If so, than it is a bit tricky, because
.htaccess protection works well in a folder based setup. E. g. in Wordpress, you can protect the admin folder easily, because it is in a sub directory of the installation.
Cockpit uses the same
index.php in the root for the backend and for api calls. So it is a bit tricky, to solve that task.
@StasSav If you manage to restrict specific routes, especially
/auth/check with Apache rewrite rules - without breaking the
/api route, please share it with us.
PS: I also enjoy reading questions in full sentences with a few words about what your actual goal is.