Exclude Directories from Password Protection in .htaccess
  • 20 Jan 2016

In the last blog post,we had discussed how you can password protect all of the directories on your web server.In this post,we will share how you can exclude some of the directories and keep others with password protection.

# password protection allowing directory and file access
AuthType Basic

AuthName "Restricted Area"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null 
Require valid-user

SetEnvIf Request_URI "(path/to/directory/)$" allow
SetEnvIf Request_URI "(path/to/file\.php)$"  allow
Order allow,deny
Allow from env=allow
Satisfy any

In the above piece of codes,we have highlighted the lines which are required to enable some of the directories on your web hosting server to be opened without any password protection.

Below is the explaination:

SetEnvIf Request_URI "(path/to/directory/)$" allow

In this line, we have mentioned the specified URL request as an allow variable.This line essentially instructs to the web server, “associate the specified URL (i.e., path/to/directory/) with an allow variable.”

Order allow,deny

This line specifies the order in which access parameters will be evaluated. In this case, we want to consider allowed access before denied access.

Allow from env=allow

In this line, we are telling Apache to allow access to any resource associated with an allow variable.

Satisfy any

This line instructs the Apache server to apply the directives for any condition in which the specified parameters have been satisfied.

Blog Category: