Apply HTTP Basic authentication only to root directory

Question

I have setup a multi directory plain web application that need authentication only for root directory. All other sub directory I need to allow without password.

I have setup HTTP Basic Authentication using .htaccess and .htpasswd. These files are placed in root directory of web. My issue is, sub directories are automatically inheriting the authentication.

I just need to apply this only for root and keep all subdirectory opened. How can I do it?

My .htaccess file contents are below.

AuthType Basic
AuthName "Secure Portal"
AuthUserFile /webroot/.htpasswd
Require valid-user

You could try to put an htaccess in each subdirectory to override root's htaccess. — R.Sicart, May 11 '14 at 10:56

score 2 · Accepted Answer · answered May 11 '14 at 10:57

2

You can't do this (easily) with a .htaccess file as the directives in the .htaccess apply to the directory and all directories below it

.htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof

I guess you could add a .htaccess to each subdirectory that overrides the restriction in the document root.

answered May 11 '14 at 10:57

user9517

115,471
20
215
297

ok. if so, in subdirectories how shall my .httaccess content be? – Muneer May 11 '14 at 11:19
ok. I understand, gonna use a separate .htaccess file in other directory. Go the way from this question http://stackoverflow.com/questions/1431378/how-to-remove-htaccess-password-protection-from-a-subdirectory – Muneer May 11 '14 at 11:42

Apply HTTP Basic authentication only to root directory

1 Answers1