How to remove .htaccess password protection from a subdirectory

Question

I have password protected my entire website using .htaccess but I would like to expose one of the sub directories so that it can be viewed without a password.

How can I disable htaccess password protection for a sub directory? Specifically what is the .htaccess syntax.

Here is my .htaccess file that is placed in the root of my ftp.

AuthName "Site Administratrion"
AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null

AuthName secure
AuthType Basic
require user username1
order allow,deny
allow from all

Answer 1

You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so, for up to Apache 2.3:

# allows any user to see this directory
Satisfy Any

The syntax changed in Apache 2.4, this has the same effect:

Require all granted

Answer 2

Adding to RageZ's answer, I used this in the Server Directives:

<Directory /var/www/protected/>
     AuthType Basic
     AuthName "Production"
     AuthUserFile /path/to/.htpasswd
     Require valid-user
</Directory>

<Directory /var/www/protected/unprotected>
     Satisfy Any
</Directory>

Awesome. Thanks RageZ!

Answer 3

Simply create a new .htaccess in the desired subdirectory with this directive:

Allow from all

You can restrict to your IP only with :

Allow from x.x.x.x

See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html

Answer 4

You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.

Answer 5

Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:

AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user

Note: This works in Apache 2.4. I have not confirmed for earlier versions.

Answer 6

If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.

AuthType Basic AuthName "Enter Pass" AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/ Require valid-user SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow Order allow,deny Allow from env=allow

Also If you want to prevent multiple directories then add

SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow

as many time as many directories, you want to remove from htaccess prevention.