[nycbug-talk] apache auth allow,deny with condition...

George Georgalis george at galis.org
Tue Jul 11 09:08:23 EDT 2006

On Mon, Jul 10, 2006 at 07:41:02AM -0400, wrote:
>George Georgalis wrote...
>> I'm trying to setup a domain that uses Basic Auth for everything
>> but a few items, and no auth for them.  I'd like the mod_dir
>> DirectoryIndex to work for DocumentRoot, but any other page to
>> require a valid-user.
>[snip] I trid to do the same things once, have auth required for
>all parts of a website except one directory, I played with
>httpd.conf until my eyes bled, but still could'nt figure it out.
>I don't have anything useful to contribute, but if you get an answer,
>I'd love to hear what it is.

After posting to several lists, including
apache-users, that was the only response I got.

basically apache combines all the access rules in
the path of a given url; where a parameter is set
multiple times, last setting wins and there is no
way to remove access requirements.

So I fixed it by making /errordocs, /templates and
pretty much everything under / available without
restriction. Then I added an /accounts location
container and require valid-user for access with an
AuthUserFile of /dev/null, beneath that each account
specifies it's own AuthUserFile.

So the DocumentRoot presents some instructions,
anybody descending /accounts will need to auth
against /dev/null or a client auth file, in other
words, get the auth required error page unless they
get a proper url _and_ password.

// George

George Georgalis, systems architect, administrator <IXOYE><

More information about the talk mailing list