Suppose I have a htdocs directory tree served by lighttpd
htdocs
htdocs/foo
htdocs/foo/spam
htdocs/foo/eggs
htdocs/foo/eggs/stirred
htdocs/foo/eggs/fried
htdocs/bar
htdocs/bar/bacon
Now I'd like to protect individual subtrees depending on, if there's a htpassw file somewhere up the hierachy, using that htpasswd of course to contain the credentials of the permitted users. For example a htpasswd file at
htdocs/foo/eggs/.htpasswd
which would mandate authentification for the whole eggs subdirectory tree.
htdocs/foo/eggs
htdocs/foo/eggs/stirred
htdocs/foo/eggs/fried
I know how to configure lighttpd to use a certain htpasswd file at a specific location to operate on a given URL pattern. But configuring something like this seems a bit odd.
My best idea so far was to use extract the relevant part of the URL to construct a path into the filesystem for the htpasswd file. But then this causes problems if there are certain URL rewriting rules applied earlier or later.
Essentially what I'm looking for is that upon the actual file access the traversal up the directory tree is made to locate a possibly present hwpasswd file. How can I do that?
