From the answer in Password protect a specific URL, we can reverse the condition. To quote his answer,
You should be able to do this using the combination of
mod_env
and the
Satisfy any
directive. You can useSetEnvIf
to check against the
Request_URI
, even if it’s not a physical path. You can then check if
the variable is set in anAllow
statement. So either you need to log
in with password, or theAllow
lets you in without password:
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/shop/my-account/customer-logout/ require_auth=false
# Auth stuff
AuthUserFile /var/www/htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth