homepage Welcome to WebmasterWorld Guest from 50.19.172.0
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
htaccess protecting a directory
got it working for a file, but not a full directory -?
louponne

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 324 posted 8:23 am on Aug 5, 2003 (gmt 0)

I have used htaccess/htpasswd to protect specific files, but I can't figure out how to protect an entire directory. That is, without actually putting the htaccess in the directory in question. I'd like to keep my htaccess at the root.

Here's what I use to protect a specific file:

<Files ~ "file_to_protect.cgi">
AuthName "Only Authorized persons!"
AuthType Basic
AuthUserFile /path/.htpasswd
<Limit GET POST>
order allow,deny
allow from all
require valid-user
</Limit>
</Files>

I have to project several directories, and wanted to do it in a central location, at the root. Or is it a better idea to put a htaccess file in each directory.

 

coopster

WebmasterWorld Administrator coopster us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 324 posted 10:49 pm on Aug 5, 2003 (gmt 0)

The .htaccess file directives carry through from the first folder on through the *directory* tree. Therefore, if you have your directory of *my_www_root* and create an .htaccess file in it, it applies to every file and directory under that. For example, you create a sub-directory of *myprivatestuff* and the .htaccess file in *my_www_root* applies to that as well. Here is a sample .htaccess file you might place in *my_www_root*:

AuthUserFile /my_server/somewhere_outside_my_public_access_area/.htpasswd
AuthGroupFile /dev/null
AuthName "Somewhat Secure Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

You may want to start here [httpd.apache.org...] to learn more and then work your way into the right solution for you.

claus

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 324 posted 11:30 pm on Aug 5, 2003 (gmt 0)

louponne:
>> I have to project several directories, and wanted to do it in a central location, at the root. Or is it a better idea to put a htaccess file in each directory.

It's your choice, you can do both. First option gives easier maintenance.

Here's the exact method you are looking for: [httpd.apache.org...]

/claus

louponne

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 324 posted 5:44 am on Aug 6, 2003 (gmt 0)

I have to project several directories, and wanted to do it in a central location,...gives easier maintenance.
[httpd.apache.org...]

Thanks! I sure looked for that on the apache site, but didn't find it :(

One last question. How to include 2 directories.
I know *now* that to protect a directory, I do
<Directory directoryname> ... </Directory>

I suppose I can't just to

<Directory directoryname,otherdirectoryname> ... </Directory>

How to do it?

claus

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 324 posted 9:18 am on Aug 6, 2003 (gmt 0)

Just set up two directory-blocks (one below the other) in your .htaccess fileŽ- then you can specify separate access rights for each.

/claus

wkitty42

10+ Year Member



 
Msg#: 324 posted 4:38 pm on Aug 6, 2003 (gmt 0)

here's another question in this same vein...

if i have a htaccess in the root and put a htaccess in a subdirectory, do the root's setting still carry into the subdirectory? i'm not explicitly turning off any of the previous settings... just adding to them... or do i need to put in a complete htaccess with the previous settings and the new ones?

hope that makes sense...

louponne

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 324 posted 5:05 pm on Aug 6, 2003 (gmt 0)

Thanks, everyone, for your replies! :)

claus

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 324 posted 10:29 pm on Aug 6, 2003 (gmt 0)

wkitty42
>> do i need to put in a complete htaccess with the previous settings and the new ones?

As far as i know yes - lower level overrules higher level. To test it, place a blank htaccess inside a subdirectory of a password protected directory, then try requesting the sub directly (without going through the password protected directory). Possibly this behavior can be turned off somehow - others may know as i've never tried to do it.

Anyway, you can use the <Directory> ... </Directory> in your root to make separate (additional) settings for subfolders.

/claus

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved