Try this in your .htaccess
:
Require valid-user
<Files ?*>
Order allow,deny
Allow from all
Satisfy any
</Files>
Here Require valid-user
requires any known login. Then you amend this restriction for files with at least one character in their name – this is what the glob pattern ?*
for the <Files>
section will match –, which effectively means the enclosed rules apply to files, but not to directories.
In the amended rules for files, the key is Satisfy any
. It allows the authorization to satisfied by either credentials or IP address. Then you allow any IP address to pass, so requests are always authorised.
So now browsing this directory or any of its subdirectories will require a login, but directly retrieving a file from it won’t.
Which is what you wanted.
<LocationMatch "/pictures"> AuthUserFile /home/asdasd/public_html/user5678/pictures/.htpasswd AuthGroupFile /dev/null AuthName "Restricted Directory" AuthType Basic
</LocationMatch> <Limit GET POST> require valid-user </Limit>
This is my current .htaccess file, located in /pictures. Is there something I'm doing wrong? This seems to return a 500 Internal Server Error. – None – 2010-05-29T10:29:22.253
a) read about
– Marian – 2010-05-29T14:34:45.040LocationMatch
, it requires a regex. b) You need to put therequire valid-user
inside theLocationMatch
block of course (why theLimit
statement anyway?)