I'm trying to setup a domain that uses Basic Auth for everything but a few items, and no auth for them. I'd like the mod_dir DirectoryIndex to work for DocumentRoot, but any other page to require a valid-user. The goal is to return instructions at the DocumentRoot, but require auth for any guessed url, existing or not. So people cannot determine if a url exists by checking for 401 vs 404 errors, even if they cannot access the content. In addition to the index.html (not auto indexing of course), there are a few other directories that I need unprotected. My most recent attempt to config... <Directory /> Options -Indexes Order allow,deny Allow from all AuthType Basic AuthName "files" Require valid-user </Directory> <Location /account1> AuthUserFile /usr/local/etc/apache2/ht/account1 <Location> But that has problems; AuthUserFile does not exists for DocumentRoot and I cannot figure out how to selectively add back Allow to a component, DocumentRoot or a location container (there are many). I need something that will error 401 for anything (existing or not), with a few exceptions like /template/, /errordoc/ and /, which should all serve without auth, or error. And, of course, allow for location containers with unique AuthUserFiles. Is that possible? // George -- George Georgalis, systems architect, administrator <IXOYE>< --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|