23 Aug
Apache and overlapping Location directives
I had a need to put password protection on a web site, but allow a certain section to be unprotected. The other way around is easy because permissions are inherited to subdirectories, so a child directory won’t affect a parent.
According to Configuration Sections, merging, Locations containers are processed in order, so the second container can modify behaviour from the first. The other trick ended up being the Satisfy directive, which allows one to say that any one of the specified methods will work. The final config is something like
<Location /> AuthType Basic AuthName "protected" AuthUserFile "....." require valid-user </Location> <Location /Api/ > Order Allow,Deny Deny from none Allow from all # This means that either the "require valid-user" from above #or the above order (ie everyone) will work. # Without it, you get prompted Satisfy Any </Location>