.htaccess inheritance overriding

I have the following directory structure
/
/protected
/protected/safeforall

I have /protected/.htaccess to require valid logon to php files under
/protected.

I am however struggling to create a .htaccess file under
/protected/safeforall to allow all php files under
/protected/safeforall to be viewable by anyone without a logon.

How can I achieve this?

"Pat" <GTQWVOPHMEAQ@spammotel.com> wrote in message
news:1153994422.406139.66290@p79g2000cwp.googlegroups.com...
> I have the following directory structure
> /
> /protected
> /protected/safeforall
>
> I have /protected/.htaccess to require valid logon to php files under
> /protected.
>
> I am however struggling to create a .htaccess file under
> /protected/safeforall to allow all php files under
> /protected/safeforall to be viewable by anyone without a logon.
IIRC .htaccess files are parsed while traversing the folders.
So /protected/.htaccess is _always_ trapping a visitor into a logon _before_
/protected/safeforall/.htaccess gets a chance to give free access.
> How can I achieve this?
You might try this untested braindump based on an example at
http://httpd.apache.org/docs/2.0/mo...cess.html#allow as part of your
/protected/.htaccess
SetEnvIf Request_URI \.php$ php=1
Require valid-user
Satisfy Any
Order Deny,Allow
Deny from all
Allow from env=php
HansH

Note that under /protected, I also have *.PHP files which I want
protecting (using passwords stated in a .htpasswd file) and <limit GET>
directive:
AuthUserFile /public_html/passwd/.htpasswd
AuthName "demo"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
So would I need to modify the /protected/.htaccess as well?
HansH wrote:
> IIRC .htaccess files are parsed while traversing the folders.
> So /protected/.htaccess is _always_ trapping a visitor into a logon _before_
> /protected/safeforall/.htaccess gets a chance to give free access
> You might try this untested braindump based on an example at
> http://httpd.apache.org/docs/2.0/mo...cess.html#allow as part of your
> /protected/.htaccess
>
> SetEnvIf Request_URI \.php$ php=1
>
> Require valid-user
> Satisfy Any
> Order Deny,Allow
> Deny from all
> Allow from env=php
>
>
>
> HansH

"Pat" <GTQWVOPHMEAQ@spammotel.com> wrote in message
news:1154002923.466082.237100@m79g2000cwm.googlegroups.com...
> HansH wrote:
> Note that under /protected, I also have *.PHP files which I want
> protecting (using passwords stated in a .htpasswd file) and <limit GET>
> directive:
So go for -untested-:
SetEnvIf Request_URI ^/protected/safeforall/.*\.php$ php=1
> AuthUserFile /public_html/passwd/.htpasswd
> AuthName "demo"
> AuthType Basic
> <Limit GET>
> require valid-user
> </Limit>
Uh ... this allows a POST to the scripts without valid logon !!
> So would I need to modify the /protected/.htaccess as well?
As well? There should NOT be another .htaccess below this folder doing
authentication.
HansH
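
The single-file approach discussed in this thread, written out as an added example (not posted by either participant), with the `<Limit GET>` form shown beside a version that covers every request method. It assumes Apache 2.0/2.2 access-control syntax (Apache 2.4 needs mod_access_compat for these directives), that the directory is served at the URL path /protected, and that AllowOverride permits AuthConfig, Limit and FileInfo; the variable name `open_php` is hypothetical.

```apache
# /protected/.htaccess  (added example, Apache 2.0/2.2 directive syntax)
# There is no .htaccess in /protected/safeforall in this layout.

# --- Weak form quoted in the thread: only GET is covered ----------------
# <Limit GET>
#     Require valid-user
# </Limit>
# Methods not listed in <Limit> (POST, PUT, ...) reach the scripts
# without a logon, so Require must not be wrapped in <Limit GET>.

# --- Corrected form: authentication applies to every method -------------
AuthUserFile /public_html/passwd/.htpasswd
AuthName "demo"
AuthType Basic
Require valid-user

# Mark requests for .php files below /protected/safeforall/.
# Request_URI holds the full URL path, so the pattern starts at the root.
# open_php is a hypothetical variable name chosen for this example.
SetEnvIf Request_URI "^/protected/safeforall/.*\.php$" open_php=1

# Host-based rule: refuse everyone except marked requests.
Order Deny,Allow
Deny from all
Allow from env=open_php

# Satisfy Any grants access when EITHER the host-based rule passes
# (a marked safeforall request) OR the visitor supplies valid credentials.
# Every other request under /protected fails the host rule and must log on.
Satisfy Any
```

A request that does not match the pattern, such as a script name with different letter case or with trailing path info, is not marked and therefore still requires a logon.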