Here is my .htaccess configuration in my root directory: Options +ExecCGI order deny,allow deny from all allow from 10.13.1. allow from 10.13.2. allow from 10.13.3. allow from 10.13.4. satisfy any AuthName "Members 1st Credit Union Employees Only" AuthType Kerberos Krb5Keytab /etc/auth_kerb.keytab KrbAuthRealm MEMBERSONLINE.LOCAL KrbMethodNegotiate off KrbSaveCredentials off KrbVerifyKDC off Require valid-user This web server is used as a company intranet site. However, my boss would like it where employees can view the intranet site from home. This configuration will make it where users inside my network do not have to authenticate. If they are outside of the network they will have to authenticate to active directory. This is working really well. Here is my problem. I have a couple of sub-directories that I do not want to be accessible outside of my network. I put an .htaccess configuration in the subdirectory like this: order deny,allow deny from all allow from 10.13.1. allow from 10.13.2. allow from 10.13.3. allow from 10.13.4. When I navigate to the subdirectory I am prompted with the authentication box instead of the forbidden page. After an hour of research I came out confused and could not get a clear answer on this: Does a .htaccess file in a subdirectory over ride the .htaccess file in the root directory? Does a ..htaccess file in a subdirectory merge with a .htaccess file in the root directory? If a .htaccess file in a subdirectory over rides the .htaccess file in the root directory, any tips on why my .htaccess in my root is overriding my .htaccess file in my subdirectory? If a .htaccess file in a subdirectory merges with a .htaccess file in the root directory, how can I make it where the root directory needs authentication and select subdirectories forbid users from accessing it? Thank You, Noel Stratton Computer Specialist Members 1st Credit Union --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|