When a directory is password protected with Apache either with a .htaccess file or in the main Apache configuration, all subdirectories are also password protected. This post shows how to remove password protection from a subdirectory and from an individual file.
Removing password protection for a directory
If the directory /var/www/mysite/private is password protected and we want to make the subdirectory /var/www/mysite/private/public available without a password then create a new .htaccess file in that subdirectory that contains this:
Satisfy any
To do this in the main Apache configuration using <Directory>:
<Directory /var/www/mysite/private/public>
Satisfy any
</Directory>
or in a <Location> block:
<Location /private/public>
Satisfy any
</Location>
Removing password protection for a file
Add this to your .htaccess file to allow access to the file named e.g. public.html:
<Files public.html>
Satisfy any
</Files>
<Files> can be put within a <Directory> block in the main Apache configuration so to protect private and allow access to public.html you could do this:
<Directory /var/www/mysite/private>
AuthUserFile /path/to/.htpasswd
   AuthName "Restricted Access"
   AuthType Basic
   require user [username]
<Files public.html>
Satisfy any
</Files>
</Directory>
Note that this will match any file named public.html under that directory. You could instead use <Files ~ …> or <FilesMatch> which make the filename argument a regular expression to be more certain of matching the exact file. Me, I find it easier to just do it with an .htaccess file 🙂
