Forum Moderators: phranque
I have a site which requires a password to access anything, using basic authentication. That's easy to do, but I now want to allow unrestricted access to just one file, an RSS feed. This is what I have:
# restrict access to the whole site
<Files *>
AuthType Basic
AuthName "title here"
AuthUserFile /path/to/passwordfile
Require valid-user
</Files>
# now allow open access to RSS feed
<Files /dir/feed.php>
Satisfy any
Order deny,allow
Allow from all
</Files>
Of course, it doesn't work: the password is requested for the RSS feed page too. In the documentation, I can see ways of allowing certain IP addresses to bypass authentication for the whole site, but I want any IP address to be able to connect to just one file.
What am I doing wrong? Many thanks for your help.
The <Files> directive provides for access control by filename. It is comparable to the <Directory> directive and <Location> directives. It should be matched with a </Files> directive. The directives given within this section will be applied to any object with a basename (last component of filename) matching the specified filename.
That means that it won't match on full paths. Try this; in your DocumentRoot, put the <Files *> block (and *only* that block) in your .htaccess file. In $DOCUMENTROOT/dir/, create a .htaccess file like this:
<Files feed.php>
Order allow,deny
Allow from all
</Files>
As an aside (this won't change my suggestion for your particular situation), apache-2.x uses a different regex library than apache 1, so the following WILL work in Apache 2:
<FilesMatch "!feed.php">
Order deny,allow
Deny from all
</FilesMatch>
[edited by: sitz at 2:28 am (utc) on Mar. 21, 2005]
Allow from allrequire valid-userI suspect that I'll need to combine the two blocks to get the
Satisfy any
Satisfy anyAllow from allThanks again for your help - I wasn't far off!
