.htpasswd for Admin Page with API allow?
could you please formulate a complete question?
- Admin Page …/cockpit/.htpasswd Pass work
- Api Get …/cockpit(.htpasswd)/api/collection/… dont work (js fetch undefined)
I still don’t get it, sorry
I guess, @StasSav wants to protect the root folder with .htaccess
and .htpasswd
to have a second layer of security, while keeping the api calls publicly available without entering a user name and a password.
If so, than it is a bit tricky, because .htaccess
protection works well in a folder based setup. E. g. in Wordpress, you can protect the admin folder easily, because it is in a sub directory of the installation.
Cockpit uses the same index.php
in the root for the backend and for api calls. So it is a bit tricky, to solve that task.
@StasSav If you manage to restrict specific routes, especially /auth/login
and /auth/check
with Apache rewrite rules - without breaking the /api
route, please share it with us.
PS: I also enjoy reading questions in full sentences with a few words about what your actual goal is.