How to use basic auth for single file in otherwise forbidden Apache directory?

Posted by mit on Server Fault See other posts from Server Fault or by mit
Published on 2010-06-14T22:41:56Z Indexed on 2010/06/14 22:43 UTC
Read the original article Hit count: 284

I want to allow access to a single file in a directory that is otherwise forbidden.

This did not work:

<VirtualHost 10.10.10.10:80>
  ServerName example.com

  DocumentRoot /var/www/html

  <Directory /var/www/html>
    Options FollowSymLinks
    AllowOverride None
    order allow,deny
    allow from all
  </Directory>

  # disallow the admin directory: 
  <Directory /var/www/html/admin>
    order allow,deny
    deny from all
  </Directory>

  # but allow this single file:: 
  <Files      /var/www/html/admin/allowed.php>
      AuthType basic
      AuthName "private area"
      AuthUserFile /home/webroot/.htusers
      Require user admin1
  </Files>

  ...
</VirtualHost>

When I visit http://example.com/admin/allowed.php I get the Forbidden message of the http://example.com/admin/ directory. How can I make an exception for allowed.php?

If not possible, maybe I could enumerate all forbidden files in another Files directive?

Let's say admin/ contains also user.php and admin.php which should be forbidden in this virtual host.

© Server Fault or respective owner

Related posts about security

Related posts about apache2