How can I exclude a single file from Apache mod_auth Require valid-user?

Question

I have a testing site which has a Require valid-user directive, employing Apache's mod_auth to keep it private, but I'd like to exempt a single file from this requirement (i.e. make it so that you don't need a username / password to access that one file, even though you need a username/password for the rest of the site).

Right now, I have...

AuthUserFile /path/to/htpasswd
AuthType Basic
AuthName "My Private Site"
Require valid-user
<Files filename.txt>
  Allow from All
  Satisfy Any
</Files>

But that doesn't seem to quite be doing the trick (I can see the file, but only after being prompted for a username/password and clicking cancel).

What am I doing wrong?

See. http://stackoverflow.com/questions/2641646/how-to-accomplish-authtype-none-in-apache-2-2 for how to hack this. — Mark Wagner, Mar 23 '11 at 21:07

score 2 · Answer 1 · answered Mar 24 '11 at 12:10

2

I think something like this should work:

<FilesMatch "^/path/to/file$"> 
Allow from all 
Satisfy any 
</FilesMatch>

You could also try the <location> directive instead of the <FilesMatch> directive.

answered Mar 24 '11 at 12:10

matthew

1,319
1
11
21

How can I exclude a single file from Apache mod_auth Require valid-user?

1 Answers1