We help IT Professionals succeed at work.

htaccess directory permissions

424 Views
Last Modified: 2012-05-08
Hey guys,

I have enabled basic authorisation on the root folder of my site (only pre-launch) and I have changed the error documents to custom ones that I have made. The problem is that if the person doesn't enter authentication then they cant get to the error documents and so receive the standard authorisation required error page! Is there a way to say in the htaccess - "block all site except for the error folder" ??
I am using below:

.htaccess:

AuthUserFile "/home/squaresa/.htpasswds/public_html/passwd"
AuthName "Web"
AuthType Basic
require valid-user

Can i put the above code between "file" tags or something?
the errordocs are in /home/squaresa/public_html/errordocs
Comment
Watch Question

Commented:
I'm guessing you're trying to password protect the entire public_html (root) folder then?

You could always just password protect one folder (e.g. public_html\Website) which would leave other folders such as public_html\errordocs open to the public.

Author

Commented:
Hey, thanks for the response.
If my whole site is in /home/squaresa/public_html/, and there is a folder in there called errordocs, then well all of my site isnt in a subfolder called /Website so i couldn't password that !?

Commented:
Basically to password protect a folder you need the .htaccess file in the folder you want protecting & then the "passwd" file elsewhere. The .htaccess file can go anywhere, as long as it's pointing to a valid "passwd" file.

So, if you put the .htaccess file into /public_html/website then it should only protect the /website folder.

Author

Commented:
I get that - But my entire website isnt in the "/website" folder - it is in the same root directory as "/errordocs".

Are you suggesting I move my entire site into a subdirectory called "/website" and then pswd that dir only?

Commented:
Yes, it'd probably be the easiest solution to move it to /website and protect just that, then it'd also leave the root of your website public in case you want to add any more public pages in the future.

I think there are ways of excluding files from the htpasswd protection, however I can't find any straight forward way of doing that at the moment. I'll look further.

Commented:
You could try put this in the .htaccess file:

RewriteRule ^errordocs($|/) - [L]

Untested at the moment, but be worth a go though.

If the above doesn't work try this:

RewriteRule ^errordocs/.*$ - [PT]

Make sure, whichever one you use, it goes at the top of the htaccess file (before any other RewriteRules).
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Commented:
If you select your own answer as the solution the question will close in 4 days and you'll be refunded. Alternatively you can request attention on this question to get a moderator to sort it out.

The above two pieces of code are the only ways I could find that might be able to unprotect certain directories. Maybe somebody else has an idea?

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.