8

I want to allow access to a single file in a directory that is otherwise forbidden.

This did not work:

<VirtualHost 10.10.10.10:80> ServerName example.com DocumentRoot /var/www/html <Directory /var/www/html> Options FollowSymLinks AllowOverride None order allow,deny allow from all </Directory> # disallow the admin directory: <Directory /var/www/html/admin> order allow,deny deny from all </Directory> # but allow this single file:: <Files /var/www/html/admin/allowed.php> AuthType basic AuthName "private area" AuthUserFile /home/webroot/.htusers Require user admin1 </Files> ... </VirtualHost>

When I visit http://example.com/admin/allowed.php I get the Forbidden message of the http://example.com/admin/ directory, but not the browser login popup from the basic auth, so the basic auth does not work on the file. How can I make an exception for allowed.php?

If not possible, maybe I could enumerate all forbidden files in another Files directive?

Let's say admin/ contains also user.php and admin.php which should be forbidden in this virtual host.

Edit: I also tried the following modification, trying to follow advice from Ignacio's answer, with the same result 'Forbidden':

 ... # disallow the admin directory: <Directory /var/www/html/admin> order allow,deny deny from all </Directory> # but allow this single file:: <Files /var/www/html/admin/allowed.php> order allow,deny allow from all AuthType basic AuthName "private area" AuthUserFile /home/webroot/.htusers Require user admin1 satisfy all </Files> ...
Improve this question
1
  • The <Files ...> reference only takes a filename, not a path, btw. Commented May 19, 2011 at 21:49

2 Answers 2

Reset to default
15

Try this:

<Directory /var/www/html/admin> <Files allowed.php> AuthType basic AuthName "private area" AuthUserFile /home/webroot/.htusers Require user admin1 </Files> order allow,deny deny from all satisfy any </Directory>

Files nested inside a Directory will only apply therein so your code block is more logically organized, and I think using the 'Satisfy any' will allow them to be merged as planned. I'm not sure if it's actually required so try it with and without the satisfy line...

Improve this answer
1
  • Just want to confirm that this does work - I hope that mit will return and select this answer. Commented May 19, 2011 at 21:48
2

I'm not sure the solution with <Files xxx> actually works well, as the Require doc page states that it doesn't apply to Files 

Context: directory, .htaccess

Instead what the apache doc suggests is to create a separate directory for the file:

Removing controls in subdirectories

The following example shows how to use the Satisfy directive to disable access controls in a subdirectory of a protected directory. This technique should be used with caution, because it will also disable any access controls imposed by mod_authz_host.

<Directory /path/to/protected/> Require user david </Directory> <Directory /path/to/protected/unprotected> # All access controls and authentication are disabled # in this directory Satisfy Any Allow from all </Directory>
Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.