Use a different basicauth rule when redirecting a file located in a basicauth path to another URL

Hi,

This is a question I already asked in another thread, but the initial question in that thread was already solved so it was probably not visible.

Say I have a file located in a path that obeys to a basicauth rule in my Caddyfile, but that file is also
redirected to another URL by caddy, that URL being under another basicauth rule, is there a way to make the redirection ask only for the second set of basicauth credentials?

I have tried that, but it requires me to authenticate with both sets of credentials (one for the redirected maps.html file with user1/hashpass1, one for the iframe containing the reverse_proxied app with user2/hashpass2):

    # Restricted browse access to domain.tld/work/
    route /work/* {
        basicauth {
                user1 hashpass1
        }
        @no_index not file {path}.html {path} {path}/index.html
        rewrite @no_index /work/_h5ai/public/index.php
     }

     # Mirror domain.tld/work/data/project/maps.html to domain.tld/project
     rewrite /project /work/data/project/maps.html
     route /project* {
             basicauth {
                     user2 hashpass2
             }
     reverse_proxy localhost:8000 # This is an application with `"base_url": "/project/db/" in its json settings, meaning the app is accessible at domain.tld/project/db and depends on authentication as well. This URL is used in an <iframe> in maps.html served at domain.tld/project above.
     }

I can provide the real URLs and credentials by PM if you need to inspect to address this issue.

We don’t provide free private support. If you need private support, please consider Caddy for Business.

At this point, frankly, what you’re trying to do sounds like it makes no sense. It seems overly complicated. If I were you, I would do the auth and routing in your PHP app.

I see no redirects in your config, only rewrites. Those are different concepts. Redirects are responding to requests with a new location for the client to make a new request on, rewrites are internal path changes before the server otherwise handles the request.

1 Like

Oh I see, thank you for your answer. I apologize, I didn’t mean to push too far with my questions, I am just trying to get more autonomous with Caddy as I use it in more situations, but I am not there yet. Unfortunately, and as much as I would like to support the Caddy team, a subscription to Caddy for Business won’t be an option for my employer, as I already have to use my own private resources for this project (work, though non-profit, it’s just science data).

Your answer is already of great assistance: I was aware that what I was trying to do was a bit convoluted, but I didn’t think it made no sense at all. I’ll try to reconsider other alternatives based on your comment. In fact, the reason why I was trying to achieve it this way is I wanted /work/ to be where I would go to browse all my files as in a file explorer with my own credentials, but wanted some of those files to be presented in different URLs with other credentials (for users), without duplicating the html files elsewhere in the filesystem. There must be simpler ways to do that, I’ll think about it.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.