.htpasswd for Admin Page with API allow?

.htpasswd for Admin Page with API allow?

could you please formulate a complete question?

  • Admin Page …/cockpit/.htpasswd Pass work
  • Api Get …/cockpit(.htpasswd)/api/collection/… dont work (js fetch undefined)

I still don’t get it, sorry :confused:

I guess, @StasSav wants to protect the root folder with .htaccess and .htpasswd to have a second layer of security, while keeping the api calls publicly available without entering a user name and a password.

If so, than it is a bit tricky, because .htaccess protection works well in a folder based setup. E. g. in Wordpress, you can protect the admin folder easily, because it is in a sub directory of the installation.

Cockpit uses the same index.php in the root for the backend and for api calls. So it is a bit tricky, to solve that task.

@StasSav If you manage to restrict specific routes, especially /auth/login and /auth/check with Apache rewrite rules - without breaking the /api route, please share it with us.

PS: I also enjoy reading questions in full sentences with a few words about what your actual goal is.