0

I've managed to set up my lighttpd server so that it makes mywebsite.com/files password protected. But I don't want the subdirectories of files to be password protected at all. I've changed the lighttpd.conf file to make the /files directory password protected and it works, but all subdirectories are password protected. I can't seem to find an option for lighttpd to stop this.

So:

/files/ password protected

/files/a.txt not password protected

Is there some setting or syntax I'm missing to allow this?

j0k
  • 22,600
  • 28
  • 79
  • 90
Awoken
  • 79
  • 6

2 Answers2

1

What you are trying to do isn't possible.

I imagine you are using something like this.

$HTTP["url"] =~ "^/files" {
    url.access-deny = ("")
}

When you deny access to a directory it works recursively i.e. all the files in the directory will be denied too.

To be honest I can't really understand what your trying to do, or why you would want this functionality.

Kinetic
  • 1,714
  • 1
  • 13
  • 38
0

Of course it can be done. Nesting the auth configuration in an HTTP block is key; this is a powerful trick solving many other situations. The auth module will only trigger for the exact path and anything under it will remain unprotected. You can even use a regular expression if you want more granular control over what has to be protected.

$HTTP["url"] == "/files/" {
auth.require = ( "/files/" =>
(
"method" => "basic",
"realm" => "Password protected area",
"require" => "user=alice"
)
)
}

Note how the directory path always ends with a slash. That is standard for directory listings. If the slash is missing, a redirect will be issued automatically, so don't worry about /files.

Zdenek
  • 690
  • 3
  • 14