5

With Apache2 how may I require a valid user for every page except these special pages which can be seen by anybody?

Thanks in advance for your thoughts.

Update in response to comments; here is a working apache2 config:

<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    Order allow,deny
    allow from all
</Directory>

# require authentication for everything not specificly excepted
<Location / >
    AuthType Basic
    AuthName "whatever"
    AuthUserFile /etc/apache2/htpasswd
    Require valid-user
    AllowOverride all                       
</Location>

# allow standard apache icons to be used without auth (e.g. MultiViews)
<Location /icons>
    allow from all
    Satisfy Any
</Location>

# anyone can see pages in this tree
<Location /special_public_pages>
    allow from all
    Satisfy Any
</Location>
matt wilkie
  • 481
  • 4
  • 12
  • 28
  • did you actually checked what's happening on the wire or at least in logs? isn't that your browser asking ag for /favicon.ico what triggers credentials request? – pQd Jan 06 '10 at 09:32
  • ahhh, that pointed me in the right direction. Favicon doesn't appear to need authentication or exception, but /icons/* for MultiViews does. Thanks! – matt wilkie Jan 06 '10 at 23:48

1 Answers1

4

this should do a trick:

<Location / >
 AuthType Basic
 AuthName "whatever"
 AuthUserFile /etc/apache2/htpasswd
 Require valid-user
 AllowOverride all                       
</Location>

<Location /yourspecial>
 allow from all
 Satisfy Any
</Location>

satisfy any is the cruicial one..

pQd
  • 29,981
  • 6
  • 66
  • 109