0

I have an entire site under .htpasswd with SSL - any http requests are rejected - and am trying to exempt a folder from the rule. Either to do a basic .htpasswd for the directory, or make it open. I'm sure I'm being very stupid, but I haven't been able to get it right. Exceptions in /public_html/.htaccess haven't worked, and neither has creating an .htaccess file with different rules within the directory.

I've checked similar questions, but haven't been able to find something that works.

I feel as if I'm asking a very silly question, so I apologise. Thanks in advance.

Edit: I can open up the directory, but I can't allow access from http:// rather than https:// because of SSLRequireSSL in .htaccess, which is what I actually want to do.

Edit2: This is the configuration I'm currently using:

AuthUserFile /home1/user/.htpasswds/.htpasswd
AuthType Basic
AuthName "Log-in Required"
Require valid-user
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "site.com"
Luc
  • 263
  • 2
  • 17
Hugh
  • 1
  • 1
  • Show us the htaccess that makes everything require a password and use HTTPS. Only then we can modify it so that a given subdirectory is exempted. – Luc Jul 08 '13 at 00:25
  • @Luc `AuthUserFile /home1/user/.htpasswds/.htpasswd` `AuthType Basic` `AuthName "Log-in Required"` `Require valid-user` `SSLOptions +StrictRequire` `SSLRequireSSL` `SSLRequire %{HTTP_HOST} eq "site.com"` – Hugh Jul 08 '13 at 03:00

1 Answers1

1

In the directory you want to "unprotect", have a .htaccess file containing this:

Satisfy any

It will remove any restrictions inherited from .htaccess file in higher-level directories. Note that it will remove such restrictions for all subdirectories as well (because this is how htaccess checking works).

Lacek
  • 6,585
  • 22
  • 28