I'm sure this is simple, but Google is not my friend this morning.
The goal is:
/public… is openly accessible
everything else (including /) requires basic auth.
This is a WSGI app, with a single WSGI script (it's a django site, if that matters..)
I have this:
<Location /public>
Order deny,allow
Allow from all
</Location>
<Directory />
AuthType Basic
AuthName "My Test Server"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Directory>
With this configuration, basic auth works fine, but the Location
directive is totally ignored. I'm not surprised, as according to this (see How the Sections are Merged), the Directory
directive is processed first.
I'm sure I'm missing something, but since Directory applies to a filesystem location, and I really only have the one Directory
at /
, and it's a Location
that I wish to allow access to, but Directory
always overrides Location
…
EDIT
I'm using Apache 2.2, which doesn't support AuthType None
.
Best Answer
For Apache 2.2 (and probably others in the 2 series older than 2.3):