Access control for specific urls

If I set up a website with access control, either login or JWT, is it possible to specify individual pages from that site as being anonymously accessible?

Yup! The pattern is actually more like:

  1. Protect these paths
  2. everything else not protected

If you were locking down the whole site, the paths would be /*. But usually you’d say /paidarea/* to lock down just that folder (and subfolders).

It’s also possible to show different content at all paths - something like “authenticated users see the paid content, nonauthenticated users see the call to action to subscribe”. Here’s what that looks like in _redirects:

/authenticated/* 200! Role=admin
/authenticated/* /calltoaction.html 200!

That will show your logged in users their content and “transparently” show the non-logged in folks that other page. You could get fancier too if your code is responsive to URL’s:

/authenticated/* 200! Role=admin
/authenticated/* /calltoaction/:splat 200!

…which would be loading a page under /calltoaction/X with the same path so you could display differently based on the X value.

thanks for that. Useful stuff.