Apache/.htaccess - password-protecting a domain but whitelisting certain URIs within it
-
06-07-2019 - |
Question
So here's what I'd like to do:
access to http://example.com/* would require the user to enter a username/password, except when they go to a certain URIs (e.g. http://example.com/contact/ , http://example.com/blog/, etc.) they shouldn't have to authenticate. http://example.com (the root) should be open, too.
I know I've got to set up some special .htaccess directives, but I don't know exactly how to go about doing it. Does anyone know how I could accomplish this?
Any help would be much appreciated. Thanks!
Solution
For the subdirectory, simply turn off basic authentication. It seems there is no direct way to do so (e.g. through a "require none" directive), but you can say that you accept host-based access control, and that any host can access. The following works for me:
<Location /foo>
AuthType Basic
AuthName Foo
AuthUserFile /tmp/passwd
require valid-user
</Location>
<Location /foo/bar>
Allow from all
Satisfy any
</Location>