Our group maintains its adminstrative records on its main site; when members log in, they are to have permission to download PDFs from the other web site (on which the members' archives are kept). The devil is in the details:
1. Will the .htaccess solution that is applied to the /protected/ directory then automatically apply to subdirectories within, even if created later?
2. Is it possible to protect a directory so that only:
referrals from a particular directory on the main site (another domain), and
referrals from a particular direcrory on the host (same domain) are allowed?
In essence two ways to log in (through the main site or through the document server)
I've not been able to write an .htaccess that accomplishes this. I'm assuming that .htaccess is the best approach here as we'll have a lot of PDFs and other documents to protect. Authentication actually occurs via .ASP and an Access DB and then either an "OK" or "not ok" response.redirect - unless a session or cookie variable can do the same thing? We're an educational research association so the PDFs don't contain sensitive information; it's the volume of material and search capabilities that are the benefit for our members - if I can get it to work.