But maybe this is already too complicated. Why restrict access to all files except the listed ones and not to index.php with the shown exception only?
Something like this (untested):
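# Apache 2.4 syntax throughout: <If> needs 2.4, where Require replaces Order/Deny/Satisfy
<Files "index.php">
    # Basic auth for every request to index.php
    AuthType Basic
    AuthName "Matomo"
    AuthUserFile /path/to/.htpasswd
    Require valid-user
    # <If> is merged after <Files>, so this Require replaces the one above
    # for the opt-out request and lets it through without a login
    <If "%{QUERY_STRING} =~ /^module\=CoreAdminHome\&action\=optOut/">
        Require all granted
    </If>
</Files>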
Because the idea is to add extra security to the sign in page only, or am I missing something here?