0

So here's what I'd like to do:

access to http://example.com/* would require the user to enter a username/password, except when they go to a certain URIs (e.g. http://example.com/contact/ , http://example.com/blog/, etc.) they shouldn't have to authenticate. http://example.com (the root) should be open, too.

I know I've got to set up some special .htaccess directives, but I don't know exactly how to go about doing it. Does anyone know how I could accomplish this?

Any help would be much appreciated. Thanks!

Michael Haren
  • 105,752
  • 40
  • 168
  • 205
gabriel
  • 1,787
  • 2
  • 19
  • 24

1 Answers1

3

For the subdirectory, simply turn off basic authentication. It seems there is no direct way to do so (e.g. through a "require none" directive), but you can say that you accept host-based access control, and that any host can access. The following works for me:

    <Location /foo>
            AuthType Basic
            AuthName Foo
            AuthUserFile /tmp/passwd
            require valid-user
    </Location>
    <Location /foo/bar>
            Allow from all
            Satisfy any
    </Location>
Martin v. Löwis
  • 124,830
  • 17
  • 198
  • 235
  • Thanks for the response! This looks like it should work, but I'm still having problems. I'm getting a 500 Server error. I only changed the AuthUserFile path. I even created a simple second site to test this out, using static files, and it was still 500ing. Any idea what may be causing this? – gabriel Nov 03 '08 at 23:56
  • If this is the first time you have enabled basic auth, you probably need to load additional Apache modules. In recent Apache versions, there is a separate module for file-based user and group authentication, which you need to load separately. – Martin v. Löwis Nov 04 '08 at 12:18