I have basic auth set for Directory / and want to exclude Location /assets/upload, but it just won't work, I have tried several options and tutorials.
This Location directive clears the Directory auth config and disables basic auth for the whole website:
<Directory "/">
AuthType Basic
AuthName "Staging"
AuthUserFile /var/.../.htpasswd
AuthGroupFile /dev/null
Require valid-user
</Directory>
<Location "/">
Order deny,allow
Allow from all
Satisfy any
</Location>
However, I just want /assets/upload to be without basic auth, but if I change the 1st parameter of Location to /assets/upload, the whole page, including /assets/upload is protected by basic auth…
<Location "/assets/upload">
Order deny,allow
Allow from all
Satisfy any
</Location>
What could be wrong here?
Version: Apache/2.2.16 (Debian)
Best Answer
I'm afraid you seem to have misunderstood a few Apache concepts here. The argument in a
<Directory>
block is a full file system path, not one relative to the server root. You should never really change the<Directory />
block from the default. You do not need to change it for your configuration to work.The argument to a
<Location>
block is relative to the server root. So you just need two of these blocks to achieve what you wish.You should have a single
<Directory />
block in the global/server context (i.e. not inside any vhost) and it should be something like this.