Apache Module mod_auth exceptions

Hi E's, I have a sub-domain where I use Apache Module mod_auth inside a .htaccess.
I have this code:
AuthName "/"
AuthUserFile "/home/pedro/.htpasswds/public_html/biblioteca/passwd"
AuthType Basic
require valid-user

Open in new window

The code above will request always a login in every part of the site.
What I want to know it is if can have some exceptions. For example, if I can give access without login for 2 or 3 files, how I do? It's possible protect entire system and give some exceptions?

The best regards. JC
LVL 3
Pedro ChagasWebmasterAsked:
Who is Participating?
 
grahamnonweilerCommented:
In normal circumstances you would do the opposite of what you are asking:

                   Allow access to all - but - Restrict access on a specifc folder/directory

Currently your .htaccess is in the root, so it restricts access to everything under it (including sub-folders).

You would be better to place all the files you want to allow general access to in the root, then create a sub-folder, with your .htaccess in it, and place all restricted content (including any sub-folders) there.
0
 
arober11Commented:
You can add a Files, or FilesMatch block to the .htaccess file, to lift the restriction for certain requests e.g.

<Files "public_file.html">
    Order allow,deny
    Allow from all
    Require any
</Files>

Open in new window

0
 
Pedro ChagasWebmasterAuthor Commented:
Hi @arober11, let me see if I understand, because seems a good solution.
For example, if I want unprotected the file "../folder1/index.php" and the file "../folder1/process.php" how I use your code?
And how is the structure of code between my startup code and this change?

The best regards, JC
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
arober11Commented:
Stick the following in the folder1 .htacess file:

<Files ~ "(index|process)\.php">
    Order allow,deny
    Allow from all
    Require any
</Files>

Open in new window

0
 
Pedro ChagasWebmasterAuthor Commented:
Hi, I create a .htaccess file in the folder where are the php files that I want unprotect. But have a strange behavior. When I open the php files in folder, they still continue request the user name and the password, and the strange is my user name and my password not unlock the system.
Should not open the file system (in this case process.php and index.php) without asking credentials?

I have my own library, where I put new knowledge in informatics, the place is http://rdsrc.us/HWSzkM . Sometimes I need to unlock some files (temporary), for example to show here in 'experts exchange'. For each new tutorial I create a new folder that will contain the files, and sometimes I need to unlock the access to that files to 'experts' see.

But, your solution do not unlock the system for access to that specific files.

I hope you can give me the right solution.

~JC
0
 
Pedro ChagasWebmasterAuthor Commented:
Even, the solution can be other. If it more easy and logical, I can create access for specific files, giving a new password and user name to the visitors, just to determined files, and maintain my personal user name and password for the rest of the system.

~JC
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.