httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] how do i leave only DocumentRoot open; all other directories require Auth
Date Wed, 11 Dec 2002 07:59:35 GMT
You could re-arrange your site as Jacob suggests, but (for the record)
there is a config-based solution to your problem:

The main way to do these types of things is through creative use of the
"Satisfy" directive, which controls how Authentication and Allow
directives interact. If you put this directive in a directory container
along with authentication rules and an Allow directive, you are allowed
into the directory depending on the value of the Satisfy argument as

Satisfy any - if you come from an "Allow"ed domain OR you know the
Satisfy all - if you come from an "Allow"ed domain AND you know the

So to apply this to your case where you want free access to the DR but
pw access to subdirs:

<Directory DR>
  Allow from all
  Satisfy any

<Directory SubDir1>
  Satisfy all

<Directory SubDir2>
  Satisfy all

This makes use of the rule that directory-specifc directives apply to
all subdirs (so the AuthDirectives and the "Allow from all" apply to all
subdirs of the DR) and that more specific directives override less
specific (so the "Satisfy all" directives for the subdirs override the
"Satisfy any" in the DR container).


Owen Boyle

>-----Original Message-----
>From: Bishop, Dean []
>Sent: Dienstag, 10. Dezember 2002 18:42
>To: ''
>Subject: [users@httpd] how do i leave only DocumentRoot open; all other
>directories require Auth
>Good morning,
>	i am trying to set up a site in such a way that 
>everything requires
>Authentication with the sole exception of the DocumentRoot.
>	The goal is to provide a simple index.html at the 
>DocumentRoot with
>links to the rest of the site.  Only if the visitor tries to 
>access one of
>the links (a directory in my web site) does he/she get prompted for
>	i can easily add Authentication for everything, and 
>likewise remove
>Authentication for everything using <Direcotory 
>/document/root> directives.
>i understand that .htaccess files have higher precidence (i have
>AllowOverride=all and have tried authconfig too) but cannot 
>seem to find a
>syntax for .htaccess that removes the authentication 
>requirement for only
>the DocumentRoot.
>	The only option i can see is to create .htaccess files for every
>directory in my site _except_ my DocumentRoot.
>	Please, someone tell me i am missing something.
>Apache 1.3.23 on Redhat 7.3 (all up2date).
>thanks in advance,
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:

This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please notify the sender urgently
and then immediately delete the message and any copies of it from your
system. Please also immediately destroy any hardcopies of the message.
You must not, directly or indirectly, use, disclose, distribute, print,
or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail
communications through their networks. Any views expressed in this
message are those of the individual sender, except where the message
states otherwise and the sender is authorised to state them to be the
views of the sender's company. 

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message