[nycbug-talk] apache auth allow,deny with condition...

michael lists at genoverly.net
Tue Jul 11 09:31:31 EDT 2006 

On Tue, 11 Jul 2006 09:08:23 -0400
"George Georgalis" <george at galis.org> wrote:

> On Mon, Jul 10, 2006 at 07:41:02AM -0400, wrote:
> >George Georgalis wrote...
> >> I'm trying to setup a domain that uses Basic Auth for everything
> >> but a few items, and no auth for them.  I'd like the mod_dir
> >> DirectoryIndex to work for DocumentRoot, but any other page to
> >> require a valid-user.
> >
> >[snip] I trid to do the same things once, have auth required for
> >all parts of a website except one directory, I played with
> >httpd.conf until my eyes bled, but still could'nt figure it out.
> >I don't have anything useful to contribute, but if you get an answer,
> >I'd love to hear what it is.
> 
> After posting to several lists, including
> apache-users, that was the only response I got.
> 
> basically apache combines all the access rules in
> the path of a given url; where a parameter is set
> multiple times, last setting wins and there is no
> way to remove access requirements.
> 
> 
> So I fixed it by making /errordocs, /templates and
> pretty much everything under / available without
> restriction. Then I added an /accounts location
> container and require valid-user for access with an
> AuthUserFile of /dev/null, beneath that each account
> specifies it's own AuthUserFile.
> 
> So the DocumentRoot presents some instructions,
> anybody descending /accounts will need to auth
> against /dev/null or a client auth file, in other
> words, get the auth required error page unless they
> get a proper url _and_ password.
> 
> // George
> 
> 

As you found, use different trees for different perms.  This is the
physical (on disk) structure, your web can appear seemless to the uer.

`-- conf
`-- htdocs                        <= open
     |-- www1.domain.tld          <= open
     |    `-- htpass_pages
     |         `-- other directory
     |         `-- other directory
     |    `-- open_pages
     |         `-- other_directory
     |         `-- other directory
     |    `-- other_htpass_pages
     |         `-- other directory
     |         `-- other directory
     |-- www2.domain.tld          <= open
     |    `-- htpass_pages
     |         `-- other directory
     |         `-- other directory
     |    `-- open_pages
     |         `-- other_directory
     |         `-- other directory
     |    `-- other_htpass_pages
     |         `-- other directory
     |         `-- other directory
`-- logs

-- 

Michael


-- 

Michael

More information about the talk mailing list