Joshua Slive wrote:
On 4/19/07, Ben Roberts <[EMAIL PROTECTED]> wrote:
Hello there,
I need to setup htpasswd protection on a web directory served by Apache.
I also need to permit access to the index file in the specified
directory, but block access to any other files or subdirectories.
So I'm using a configuration like this:
<Files index.php>
Order deny,allow
Allow from all
</Files>
<Directory "/home/username/www">
AuthType Basic
AuthName "Private Area"
AuthUserFile /home/username/.htpasswds
require user bill ben
</Directory>
Can anybody tell me why my override of the password protection for
index.php files is being ignored?
Because host-based (Allow) and password-based (Require) access control
are orthogonal.
You can fix your problem by adding "Satisfy Any" to the <Files> block.
Joshua.
Yes, the "satisfy any" directive has worked a treat. I have also had to
add another Files directive to allow .css, .js, .gif, .jpg files etc as
all the index page assets were triggering htpasswd prompts as well, but
this is more than acceptable...
Thanks Joshua
Ben
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
