Authentication multiple files

Question

So rather than excluding one file from the entire authentication like I tried to here. I've just decided to add specific files to the authentication like this:

<Files ...>
</Files>

The thing is when it's like this:

<Files Available.php>
    AuthType Basic
    AuthName "Login"
    AuthUserFile /disks/*/*/Folder/.htpasswd
    Require valid-user
</Files>

It works in that it requires an authentication for the php. However when I put multiple files like this:

<Files Available.php,Insert.php,upload_file.php>
    AuthType Basic
    AuthName "Login"
    AuthUserFile /disks/*/*/Folder/.htpasswd
    Require valid-user
</Files>

It fails to require authentication for any of the files. Any ideas what I'm writing wrong syntactically?

Also how do I require authentication for all sub-directories?

Answer 1

You can't put multiple file names in a directive. see for directive examples.

http://www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess.html

If you can't match the files with a wildcard, your best bet is to place them all in a subdirectory and use your authenication against that.

Your other option is to use php authenication with sessions (cookie or url based) and have the php files that require authentication check for a valid session before running.

I've written a fair number php based sites with authenicated admin and I always use a subdirectory and then ssl to make it more secure.