1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 3:14 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

over-riding authentication for subdomains using .htaccess

Problems with over-riding authentication for subdomains using .htaccess

         

tomp

7:57 pm on Feb 24, 2004 (gmt 0)

10+ Year Member



I am developing a site and want the whole thing to be password protected until it goes live. However, there is a subdomain that I do not want to be password protected.
Whatever I do to try and remove password protection, the server always asks for the password for the subdomain too. Weird coz I thought that a higher level .htaccess file was supposed to override a lower level one. The .htaccess files follow:

Cheers

-- /home/username/public_html/.htaccess --

AuthType Basic

AuthName "Testing"

AuthUserFile "/home/username/public_html/.htpasswd"

require user user1

--

-- /home/username/public_html/subdomain/.htaccess --

Allow From All

Redirect /subdomain [subdomain.sitename.com...]

--

jdMorgan

9:26 pm on Feb 24, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The problem is that authorization is done before the lower-level .htaccess files are processed.

You can do what you want to do by putting the exclusion in the server httpd.conf configuration file.

You can also rearrange your deny,allow stuff to allow access based on an environment variable set if the subdomain matches, as well as from valid user, and set "Satisfy any" so that either will allow access to the subdirectory. 


SetEnvIf Host "^(www\.)?[i]open_subdomain[/i]\.yourdomain\.com" openhost
AuthType Basic
AuthName Testing
AuthUserFile /home/username/public_html/.htpasswd
Satisfy any
Require user user1
Order allow,deny
Allow from openhost

This is taken (and slightly modified) from [httpd.apache.org...]

The above code may not be exactly what you need, so you'll probably have to modify it.

Jim

Clive

3:05 pm on Feb 25, 2004 (gmt 0)



Hi,

What method would you use to exclude the sub-directory in httpd.conf?

jdMorgan

8:08 pm on Feb 25, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If you use an internal rewrite (transparent redirect) from subdomain to subdirectory, the SetEnvIf takes care of that. In other words, you are basing access permission on the subdomain in the URL, not the subdirectory in the local filepath. This method is "better" because it denies direct access from "incorrect" subdomains to the subdirectory.

Jim

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 3:14 pm May 1, 2026