CODEWITHSUNDEEP
.htaccess
Romain Achard
Romain Achard

Reputation: 83

Exclude one file from a password protected subdomain

I've this .htaccess to protect a subdomain.

AuthType Basic
AuthUserFile /home/xxx/dev.xxx.com/.htpasswd
AuthName "Dev"
require valid-user

How can I exclude only one file from this protection. Then this file could be accesible without password protection

Upvotes: 2

Views: 745

Answers (2)

Jon Lin
Jon Lin

Reputation: 143886

You can do this with a Satisfy Any and a special Allow that lets certain requests through without a password check. So in your htaccess file:

SetEnvIf Request_URI ^/protected-dir/no_protect_file.php norequire_auth=true

# Auth stuff
AuthUserFile /home/xxx/dev.xxx.com/.htpasswd
AuthName "Dev"
AuthType Basic

# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=norequire_auth

If a request is made for http://your.domain.com/protected-dir/no_protect_file.php, the SetEnvIf matches and the norequire_auth environment variable is set. The auth part checks for it to allow it to pass through without requiring a password.

Upvotes: 2

Matt
Matt

Reputation: 9433

You could create a new directory outside the password protected one and create a symlink to the file you want to be unprotected and distribute the URL to the non-protected library instead of the protected one.

Upvotes: 0

Related Questions