I want to allow access to a single file in a directory that is otherwise forbidden.
This did not work:
<VirtualHost 10.10.10.10:80>
ServerName example.com
DocumentRoot /var/www/html
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride None
order allow,deny
allow from all
</Directory>
# disallow the admin directory:
<Directory /var/www/html/admin>
order allow,deny
deny from all
</Directory>
# but allow this single file::
<Files /var/www/html/admin/allowed.php>
AuthType basic
AuthName "private area"
AuthUserFile /home/webroot/.htusers
Require user admin1
</Files>
...
</VirtualHost>
When I visit http://example.com/admin/allowed.php
I get the Forbidden message of the http://example.com/admin/
directory, but not the browser login popup from the basic auth, so the basic auth does not work on the file. How can I make an exception for allowed.php?
If not possible, maybe I could enumerate all forbidden files in another Files directive?
Let's say admin/ contains also user.php and admin.php which should be forbidden in this virtual host.
Edit: I also tried the following modification, trying to follow advice from Ignacio's answer, with the same result 'Forbidden':
...
# disallow the admin directory:
<Directory /var/www/html/admin>
order allow,deny
deny from all
</Directory>
# but allow this single file::
<Files /var/www/html/admin/allowed.php>
order allow,deny
allow from all
AuthType basic
AuthName "private area"
AuthUserFile /home/webroot/.htusers
Require user admin1
satisfy all
</Files>
...
Best Answer
Try this:
Files nested inside a Directory will only apply therein so your code block is more logically organized, and I think using the 'Satisfy any' will allow them to be merged as planned. I'm not sure if it's actually required so try it with and without the satisfy line...