.htaccess passwords and sub directories

Forum Moderators: phranque

Message Too Old, No Replies

.htaccess passwords and sub directories

Using .htaccess to open a sub directory within a protected directory

mentalacrobatics

4:47 pm on May 28, 2006 (gmt 0)

I have password issue and any help will be appreciated.

Here is the directory structure
www.example.com/directoryA/directoryB/

directoryA contains all the admin files and needs to be password protected. I have successfully done this using .htaccess.

directoryB contains the files that need to be accessible by the public.

I created a new .htaccess file for directoryB and put this in it:


order allow
allow from all

However when I try to access the folder I get a request to enter a user name and password which is generated by the .htaccess file in directoryA.

Would anybody have an idea on how to allow access to directoryB while restrict access to directoryA?

Thank you again.

Wizcrafts

5:31 pm on May 28, 2006 (gmt 0)

You have made directory B a child of directory A and it inherits the rules that apply to directory A. You could either move directory B to be a child of the web root, or create a complex rewrite condition and rule to only password protect the parent directory A, and not it's child directories. This would include NOT conditions, like the one below:

RewriteCond %{REQUEST_URI} !^/directoryB/
RewriteCond %{REQUEST_URI} ^/directoryA/
< rules for password auth >

Something like that.

Wiz

mentalacrobatics

5:55 pm on May 28, 2006 (gmt 0)

Thank you for the quick response Wiz and for the advice.

I can not move directoryB out of directoryA as I was informed that this would break the programme.

There are a total of 10 sub directories in directoryA and of those I only want directoryB accessible to the public and the rest restricted. Would the “rewrite condition and rule” you suggest be able to do this or would the other 9 directories all become accessible to the public as well?

Thank you again.

jdMorgan

6:33 pm on May 28, 2006 (gmt 0)

See SetEnvIf (mod_setenvif), Satisfy (core), and Allow (mod_access)


SetEnvIf Request_URI ^/directoryA/directoryB nopasswd
#
# ... your existing password setup code
#
Require valid-user
#
Satisfy any
Allow from nopasswd

The above code, merged with your existing password set-up code in directoryA, should remove the requirement for a password to access to directoryB.

Jim

mentalacrobatics

7:21 pm on May 28, 2006 (gmt 0)

Thank you again. This is what my modified .htaccess file looks like:


SetEnvIf Request_URI ^/directoryA/directoryB nopasswd
#
AuthType Basic
AuthUserFile /path/to/diectoryA/.htpasswd
AuthName "Members Area"
require valid-user
#
Require valid-user
#
Satisfy any
Allow from nopasswd

I uploaded this into directoryA and now the full folder and all the subfolders are publicly accessible.
Would you please point out what I have done wrong?

Thank you for your help

jdMorgan

7:48 pm on May 28, 2006 (gmt 0)

You'll have to look for, find, and analyze any other "Allow" or "Deny" directives in that folder, and any above it, and understand how they all play together under any "Order" directives you may have. "Order" defines the priority of Allow and Deny directives, and the most likely cause of your trouble is that the priority is incorrect or that other Allows are interfering with the operation of the authorization/Satisfy code.

Sorry, using Satisfy [httpd.apache.org] is a bit complex, but once you understand it, your goal should be achievable.

Jim