2

I have a htpasswd file, works fine - in my htaccess I have:

<Limit GET POST>
require valid-user
</Limit>

Which works, login/passwd shows up fine when you reach the root of website. However I need to limit this so the login/passwd will only appear when the user reaches for example http://mywebsite.com/appear/here/* - so basically when the user reaches /appear/here/* it should show..

I've looked at Can htpasswd be used to restrict access to a URL rather than a specific folder? - but still can't seem to figure it out..

Have tried:

<Files /appear/here/*>
require valid-user
</Files>

<Directory /appear/here/*>
require valid-user
</Directory>
Community
  • 1
williamsowen
  • 1,157
  • 3
  • 16
  • 24

2 Answers2

1

<Directory> is for a physical directory path on your server; or you can use <Location>.

One of these:

<Directory /path/to/webroot/appear/here>
    Require valid-user
</Directory>

Or:

<Location /appear/here>
    Require valid-user
</Location>
Shane Madden
  • 112,982
  • 12
  • 174
  • 248
1

The <Files > directive will try to match the filename, not the path leading up to the filename. Hence a <Files > directive with a slash in it is invalid. It is often used to match the extension on a filename.

The <Directory > directive is for directories relative to the root of the filesystem. So you probably want <Directory /var/www/docroot/appear/here>.

Since URIs don't always match filesystem paths, you may be better off with a <Location > directive, since these are matched against the URI.

<Location /appear/here>
  require valid-user
</Location>
Ladadadada
  • 25,847
  • 7
  • 57
  • 90
  • Cheers - I've tried Location, but I keep getting a 500 Internal Server Error when I reload the page – williamsowen Mar 08 '12 at 17:47
  • Do you have more in your config than just that `Require` ? [The relevant part of the docs](http://httpd.apache.org/docs/current/mod/mod_authz_core.html#require) says "Require must be accompanied by AuthName, AuthType and AuthBasicProvider or AuthDigestProvider directives, and directives such as AuthUserFile and AuthGroupFile (to define users and groups) in order to work correctly." – Ladadadada Mar 08 '12 at 18:19
  • Yes, I have: `AuthUserFile /path/to/my/.htpasswd` `AuthGroupFile /dev/null` `AuthName RESTRICTED` `AuthType Basic` - This is at the top of my htaccess, with the Location directives below it.. Have also tried placing this information within the Location directives too - but still I receive a 500 error. My htacess file is the standard bundled with Drupal 6 – williamsowen Mar 08 '12 at 18:25
  • More descriptive error messages should be found in your error log. – Ladadadada Mar 08 '12 at 18:28
  • 1
    @williamsowen Oh, this is in an `.htaccess` file? Why not just put the restrictions in an `.htaccess` in the restricted location and drop the extra blocks, then? – Shane Madden Mar 08 '12 at 20:10
  • The error log reveals: `.htaccess: – williamsowen Mar 09 '12 at 11:54
  • As Shane said, just create a new `.htaccess` file in the directory that needs to be restricted and don't bother with any `` or ` blocks. Or you could follow our advice in the main Apache config, but not in a `.htaccess` file. – Ladadadada Mar 09 '12 at 12:13