I am running Fedora 8 with Apache 2.2.
I have a section of my web site which is password protected for
outside (i.e. non LAN) users, this uses the standard sequence as
follows:-
AuthType Basic
AuthName "ISBD Home Server"
AuthUserFile /etc/httpd/conf/passwd
Require valid-user
So far so good, it works as intended.
However I want to further restrict access to a lower sub-directory such
that it isn't accessible to outside users at all. How can I do this?
Allow/Deny directives don't do what I want because they don't affect
the above password authentication. What I want is some directive that
explicitly *removes* password authenticated access from a directory.
If I add a "Satisfy All" directive to the sub-directory then the
effect is to prevent outside access (which is what I want) but in
adddition LAN users have to enter a valid name/password which I don't
want to have to do.
The best solution I have come up with so far is to add "Require
aNonexistentUser" to the sub-directory, it asks for a name/password
but no valid ones exist. However, as I said, I'd really like to say
"don't try password authentication here at all".
--
Chris Green
