Home / Remove password protection from a subdirectory with Apache

Remove password protection from a subdirectory with Apache

When a directory is password protected with Apache either with a .htaccess file or in the main Apache configuration, all subdirectories are also password protected. This post shows how to remove password protection from a subdirectory and from an individual file.

Removing password protection for a directory

If the directory /var/www/mysite/private is password protected and we want to make the subdirectory /var/www/mysite/private/public available without a password then create a new .htaccess file in that subdirectory that contains this:

Satisfy any

To do this in the main Apache configuration using <Directory>:

<Directory /var/www/mysite/private/public>
    Satisfy any
</Directory>

or in a <Location> block:

<Location /private/public>
    Satisfy any
</Location>

Removing password protection for a file

Add this to your .htaccess file to allow access to the file named e.g. public.html:

<Files public.html>
    Satisfy any
</Files>

<Files> can be put within a <Directory> block in the main Apache configuration so to protect private and allow access to public.html you could do this:

<Directory /var/www/mysite/private>
    AuthUserFile /path/to/.htpasswd
    AuthName "Restricted Access"
    AuthType Basic
    require user [username]   
    <Files public.html>
        Satisfy any
    </Files>
</Directory>

Note that this will match any file named public.html under that directory. You could instead use <Files ~ …> or <FilesMatch> which make the filename argument a regular expression to be more certain of matching the exact file. Me, I find it easier to just do it with an .htaccess file 🙂