I'm stuck with a pretty nasty problem. I have a staging system here where only our customers and our company should have access to. This is done using the following configuration:
<Directory "/srv/www/example.com">
AllowOverride All
Options FollowSymlinks -Indexes
Order deny,allow
Allow from 127.0.0.0/8 1.2.3.4 5.6.7.8
# our IP
Allow from 4.3.2.1
# PayPal IPN
Allow from 216.113.191.33
# Deny from all
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /srv/www/htdocs/.htpasswd
Require valid-user
Satisfy Any
</Directory>
Now I want to make one URL public so everyone has access to it. As it is a URL I went for the Location
directive. So I tried the following:
<Location /url/to/config.xml>
Order allow,deny
Allow from all
</Location>
But no matter which combination I'm trying for Order
, it just won't work and the server is always asking for credentials. Am I missing something? As far as I understood the docs at apache.org, the Location directive is parsed after Directory and therefore should be able to override the access limitations.
Any idea/hint?
Best Answer
You should be able to do this with multiple <Directory> blocks. Here is a link to the applicable apache documentation:
http://httpd.apache.org/docs/2.2/sections.html
I think the key items for your case are:
Also http://httpd.apache.org/docs/2.2/sections.html#mergin - specifically:
I think this will work: