How to remove .htaccess password protection from a subdirectory

.HtaccessPassword ProtectionSubdirectory

.Htaccess Problem Overview

I have password protected my entire website using .htaccess but I would like to expose one of the sub directories so that it can be viewed without a password.

How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess syntax.

Here is my .htaccess file that is placed in the root of my ftp.

AuthName "Site Administratrion"
AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null


AuthName secure
AuthType Basic
require user username1
order allow,deny
allow from all

.Htaccess Solutions

Solution 1 - .Htaccess

You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so, for up to Apache 2.3:

# allows any user to see this directory
Satisfy Any

The syntax changed in Apache 2.4, this has the same effect:

Require all granted

Solution 2 - .Htaccess

Adding to RageZ's answer, I used this in the Server Directives:

<Directory /var/www/protected/>
     AuthType Basic
     AuthName "Production"
     AuthUserFile /path/to/.htpasswd
     Require valid-user
</Directory>

<Directory /var/www/protected/unprotected>
     Satisfy Any
</Directory>

Awesome. Thanks RageZ!

Solution 3 - .Htaccess

Simply create a new .htaccess in the desired subdirectory with this directive:

Allow from all

You can restrict to your IP only with :

Allow from x.x.x.x

See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html

Solution 4 - .Htaccess

Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:

AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user

Note: This works in Apache 2.4. I have not confirmed for earlier versions.

Solution 5 - .Htaccess

You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.

Solution 6 - .Htaccess

If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.

AuthType Basic AuthName "Enter Pass" AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/ Require valid-user SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow Order allow,deny Allow from env=allow

Also If you want to prevent multiple directories then add

SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow

as many time as many directories, you want to remove from htaccess prevention.

Categories
Recommended .Htaccess Solutions
Recommended Password Protection Solutions
Recommended Subdirectory Solutions

Previous Solution:

libxml/tree.h no such file or directory

Objective CIphoneXcodeLibxml2

Next Solution:

Zero-based month numbering

DateLanguage AgnosticLanguage Design

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionjustinlView Question on Stackoverflow
Solution 1 - .HtaccessRageZView Answer on Stackoverflow
Solution 2 - .HtaccessatonycView Answer on Stackoverflow
Solution 3 - .HtaccessPaul RadView Answer on Stackoverflow
Solution 4 - .HtaccessPeterAView Answer on Stackoverflow
Solution 5 - .HtaccessFentonView Answer on Stackoverflow
Solution 6 - .HtaccessMohd JafarView Answer on Stackoverflow