Apache Basic Auth but not on subdirectories

ameharhughes · 10-03-2014, 07:54 AM

Hello,

I am running a Ubuntu 10.04 server with Apache 2.2 and have put a htaccess file for the whole site - this works;
=======================================
AuthUserFile /var/www/.htpasswd
AuthType Basic
AuthName Sign In
Require valid-user

<Files reports/*>
allow from all
</Files>
=======================================

I have a subdirectory called reports and a directories for the years within this. I do not want to password protect these, I have the below as the htaccess file within this directory
=======================================
Order allow,deny
Allow from all
Satisfy Any
=======================================

So the wierd thing in the pages load and asks for the user/pass but then pressing escape loads the page normally, has anyone seen this before or can suggest what to check? I have looked the conf file for the site and there is nothing I see to conflict with this.

Thanks

TenTenths · 10-03-2014, 08:14 AM

Check to see if there's ANYTHING on the page that loads resources from outside the reports/ folder.

For example if you don't have a page there and are using Apache's automatic "Index" function then I believe that tries to load graphics from elsewhere.

Habitual · 10-03-2014, 11:13 AM

.htaccess files are hierarchical. Top > down
If you wish to protect one and not the sub-DIRs, then use the appropriate declarations in the apache/../site.conf