wwarby
asked on
Can I Have an Unprotected Subdirectory inside a Directory Protected by a .htaccess file?
I have a .htaccess file in my cgi-bin directory which requires valid-user for GET and POST. I want to override this with open access for a subdirectory of cgi-bin. For example:
http://mysite.com/cgi-bin/myscript.pl --> Requires authorisation
http://mysite.com/cgi-bin/public/mypublicreport.pl --> Anonymous access
Is this possible, and how do I do it?
http://mysite.com/cgi-bin/myscript.pl --> Requires authorisation
http://mysite.com/cgi-bin/public/mypublicreport.pl --> Anonymous access
Is this possible, and how do I do it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Urgh. I'm pretty sure I know what's causing this now. The Perl script is referring to stylesheets and images at the root of the site in the htdocs folder so that is what the authorisation is being requested for. Ok, I think I pretty much know where I am now, so I'm going to accept your first response as the solution - Thanks :)
Glad to hear it's working now.
I tried it in this moment in my webroot and had no clue why it should not work...;)
I tried it in this moment in my webroot and had no clue why it should not work...;)
ASKER
That has half worked. Using the .htaccess file you specified, when I access the script inside the subdirectory, the output of the script appears in the browser but the request for authorisation still appears on top of it, which you then have to cancel. My system looks roughly like this:
/apache
/htdocs
.htaccess --> Require valid user
[static content]
/cgi-bin
.htaccess --> Require valid user
[Perl scripts]
/academy
.htaccess --> Unrestricted using content you specified
[Perl scripts]
I changed the AuthName value in the htdocs and cgi-bin folders so I know which one is acting on the content. When I run a Perl script in the /academy folder, the content appears in the browser but the authorisation request from appears in the browser anyway (cancelling it works without redirecting to an error page), and the AuthName value that appears is from the htdocs folder. Disabling the .htaccess file in the /academy folder prevents the content from appearing and forces a redirect to an error page if authorisation is cancelled, so it's definitely doing something, just not quite what I want. Any thoughts?