How to set BasicAuth everywhere EXCEPT certain directories

Question

When it comes to setting BasicAuth protection for specific directory, I use simple setup (in apache2.conf file):

<Directory /var/www/somedir/>
Deny from all
AuthUserFile /var/pswd/somedir/.htpasswd
AuthName authorization
AuthType Basic
Satisfy Any
require valid-user
</Directory>

But I would like to set BasicAuth everywhere on the server by default, and unlock it only for specific directories (websites, domains).

So, how could one set BasicAuth everywhere on the server except certain directories?

score 1 · Accepted Answer · edited Feb 06 '22 at 14:04

Any subsequent definition should override a previous definition in apache config files. Try the below, it should fix it.

<Directory /var/www/>
  Order deny,allow
  Deny from all
  AuthUserFile /var/pswd/somedir/.htpasswd
  AuthName authorization
  AuthType Basic
  Satisfy Any
  require valid-user
</Directory>

Alias /path/to/opendir/ /public
<Directory /var/www/opendir/>
  Allow from all
</Directory>

You can also use .htaccess to control this by adding:

Override Auth
Allow from all
Satisfy any

For more info look: here, here, here & here

Froggiz · Answer 2 · 2015-10-06T11:43:30.257

This is for your main authentication

<Directory /var/www/somedir/>
    Order deny,allow
    Deny from all
    AuthName "User Authentication"
    AuthType Basic
    AuthUserFile /var/pswd/somedir/.htpasswd
    Require valid-user
</Directory>

this is for your folder exception

<Directory /var/www/somedir/accessibleDir/>
    Allow from all 
</Directory>

to add a user in your user list use:

htpasswd -b -m /var/pswd/somedir/.htpasswd {User} {Pass}

try to not use .htaccess, if you can, to reduce hard drive access, you will increase your web site performance like that.

How to set BasicAuth everywhere EXCEPT certain directories

2 Answers2