Joshua Slive wrote:
On 4/19/07, Ben Roberts <list-support@xxxxxxxxxxxx> wrote:Hello there, I need to setup htpasswd protection on a web directory served by Apache. I also need to permit access to the index file in the specified directory, but block access to any other files or subdirectories. So I'm using a configuration like this: <Files index.php> Order deny,allow Allow from all </Files> <Directory "/home/username/www"> AuthType Basic AuthName "Private Area" AuthUserFile /home/username/.htpasswds require user bill ben </Directory> Can anybody tell me why my override of the password protection for index.php files is being ignored?Because host-based (Allow) and password-based (Require) access control are orthogonal. You can fix your problem by adding "Satisfy Any" to the <Files> block. Joshua.
Yes, the "satisfy any" directive has worked a treat. I have also had to add another Files directive to allow .css, .js, .gif, .jpg files etc as all the index page assets were triggering htpasswd prompts as well, but this is more than acceptable...
Thanks Joshua Ben --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|