How to remove .htaccess password protection from a subdirectory
.HtaccessPassword ProtectionSubdirectory.Htaccess Problem Overview
I have password protected my entire website using .htaccess
but I would like to expose one of the sub directories so that it can be viewed without a password.
How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess
syntax.
Here is my .htaccess
file that is placed in the root of my ftp.
AuthName "Site Administratrion" AuthUserFile /dir/.htpasswd AuthGroupFile /dev/nullAuthName secure AuthType Basic require user username1 order allow,deny allow from all
.Htaccess Solutions
Solution 1 - .Htaccess
You need to create a new .htaccess
file in the required directory and include the Satisfy any
directive in it like so, for up to Apache 2.3:
# allows any user to see this directory
Satisfy Any
The syntax changed in Apache 2.4, this has the same effect:
Require all granted
Solution 2 - .Htaccess
Adding to RageZ's answer, I used this in the Server Directives:
<Directory /var/www/protected/>
AuthType Basic
AuthName "Production"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Directory>
<Directory /var/www/protected/unprotected>
Satisfy Any
</Directory>
Awesome. Thanks RageZ!
Solution 3 - .Htaccess
Simply create a new .htaccess
in the desired subdirectory with this directive:
Allow from all
You can restrict to your IP only with :
Allow from x.x.x.x
See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html
Solution 4 - .Htaccess
Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:
AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user
Note: This works in Apache 2.4. I have not confirmed for earlier versions.
Solution 5 - .Htaccess
You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.
Solution 6 - .Htaccess
If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.
AuthType Basic AuthName "Enter Pass" AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/ Require valid-user SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow Order allow,deny Allow from env=allow
Also If you want to prevent multiple directories then add
SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow
as many time as many directories, you want to remove from htaccess prevention.