Apache/.htaccess - password-protecting a domain but whitelisting certain URIs within it

Question

So here's what I'd like to do:

access to http://example.com/* would require the user to enter a username/password, except when they go to a certain URIs (e.g. http://example.com/contact/ , http://example.com/blog/, etc.) they shouldn't have to authenticate. http://example.com (the root) should be open, too.

I know I've got to set up some special .htaccess directives, but I don't know exactly how to go about doing it. Does anyone know how I could accomplish this?

Any help would be much appreciated. Thanks!

Answer 1

For the subdirectory, simply turn off basic authentication. It seems there is no direct way to do so (e.g. through a "require none" directive), but you can say that you accept host-based access control, and that any host can access. The following works for me:

    <Location /foo>
            AuthType Basic
            AuthName Foo
            AuthUserFile /tmp/passwd
            require valid-user
    </Location>
    <Location /foo/bar>
            Allow from all
            Satisfy any
    </Location>