httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Ricardo Anton <>
Subject Re: [users@httpd] How to protect a whole website, except specific directories
Date Wed, 23 Jul 2003 14:18:45 GMT


	It worked perfectly.

	Thank you very much for your help.

	Eric	:-)

Boyle Owen wrote:
>>-----Original Message-----
>>From: Eric Ricardo Anton []
>>	I am using authentication to restrict access to a 
>>website. My problem 
>>is that I want the whole website to be protected, except for one 
>>specific directory. How can I accomplish this?
>>	When I set authorization for
>><Directory "/usr/local/apache2/htdocs">, even the 
>>"/usr/local/apache2/cgi-bin" directory gets affected and 
>>is required.
>>	How can I specify that a directory mustn’t be authenticated?
> You have to make use of the "Satisfy" directive. This directive allows
> you to make AND/OR logic constructs between the authorization directives
> and the "Allow" directive. Check the docs for details, but basically you
> want something like:
> # Passwords everywhere..
> <Directory /top/of/docroot>
>   <authorization directives>
>   Allow from all
>   Satisfy all
> </Directory>
> # ..Except here
> <Directory /no/passwd/in/this/dir>
>   Allow from all
>   Satisfy any
> </Directory>
> "Satisfy all" in the main dir-container means that the request must
> satisfy Allow AND authorization (so password is required). "Satisfy any"
> in the inner dir-container means that the request must satisfy Allow OR
> authorization (so the Allow directive lets it in without requiring a
> password).
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
>>	Thanks for any help.
>>	Eric

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message