password whole website EXCEPT index file

c00kie

c00kie

c00kie

Associate
Joined
18 Oct 2002
Posts
344
Is it possible to get apache 1.3 to require valid user for the whole site (protect root directory) while allowing anonymous access to the index file still?

I have managed it so that you can get to site.com/index.html fine (specifying the file to load), but simply going to site.com asks for authentication.

The idea is visitors going to site.com would be presented with a webpage informing them of how to get a username and password, and any other pages within the site then require this password.

my config:
<Directory /var/www>

Order Deny,Allow
Deny from all

Auth details...

require valid-user
Allow from 192.168.1
Satisfy Any

<Files index.html>
Allow from all
</Files>

</Directory>

Apache need to check for the index file BEFORE checking the auth conditions i guess???

any help would be great!
 
You could always dump everything that should be protected inside a /member folder and require a password for that, leaving index.html free?
 
indeed - unfortuneately i can't do that due to various reasons though :(

after a bit more investigation I wonder whether instead of passwording the whole directory with <Directory> I should password <Files "*"> instead? Then have an exclusion for one particular file?
 
JIM_BOB7813 said:
You could rewrite requests for '/' to '/index.html' and use your original method (I think).
Click to expand...

Good plan! unfortunately apache seems to prioritise password over redirecting so it doesnt have the desired effect.

config:

<Directory /var/www>

Order Deny,Allow
Deny from all

Options +FollowSymlinks
RewriteEngine on
RewriteBase /
RewriteRule ^$ index.html [L]

<Files index.html>
Allow from all
</Files>

Auth stuff

require group 1 2
#require valid-user
Allow from 192.168.2
Satisfy Any

</Directory>
 
You must log in or register to reply here.
Back
Top Bottom