You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Bishop, Dean" <de...@tcdsb.org> on 2002/12/10 18:41:36 UTC
[users@httpd] how do i leave only DocumentRoot open; all other directories requ
ire Auth
Good morning,
i am trying to set up a site in such a way that everything requires
Authentication with the sole exception of the DocumentRoot.
The goal is to provide a simple index.html at the DocumentRoot with
links to the rest of the site. Only if the visitor tries to access one of
the links (a directory in my web site) does he/she get prompted for
Authentication.
i can easily add Authentication for everything, and likewise remove
Authentication for everything using <Direcotory /document/root> directives.
i understand that .htaccess files have higher precidence (i have
AllowOverride=all and have tried authconfig too) but cannot seem to find a
syntax for .htaccess that removes the authentication requirement for only
the DocumentRoot.
The only option i can see is to create .htaccess files for every
directory in my site _except_ my DocumentRoot.
Please, someone tell me i am missing something.
Apache 1.3.23 on Redhat 7.3 (all up2date).
thanks in advance,
dean
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] how do i leave only DocumentRoot open; all other directories require Auth
Posted by Jacob Coby <jc...@listingbook.com>.
> i am trying to set up a site in such a way that everything requires
> Authentication with the sole exception of the DocumentRoot.
hmm..
> The only option i can see is to create .htaccess files for every
> directory in my site _except_ my DocumentRoot.
One option is to make the rest of your site live off of a single branch of
the document root, and have the .htaccess with the auth requirements in it.
.htaccess files are recursive in nature, so if it doesn't find one in ., it
looks in ../, and then ../../ until it reaches document root.
So, you would have:
www.example.com/index.html
www.example.com/site/everything_else.html
Anything you try to access from /site/* will require auth since there is a
.htaccess in /documentroot/auth, but your index.html should be allowed out
to everyone.
Another option is to use virtual hosts, and have www.example.com be publicly
available, but have www.auth.example.com require authorization.
-Jacob
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org