I have a directory structure similar to:
- html
- sites
- .htaccess
+ files
- .htaccess
- index.php
The file /html/.htaccess uses AuthUserFile to protect the entire site. However, the /html/sites/.htaccess file is also used to protect the "sites" folder with a separate password. The problem is when I attempt to visit a file in the sites folder in a browser, it asks for the top level password (from /html/.htaccess) and then gives a page not found error. If I disable either AuthUserFile command in either .htaccess file everything works fine - so I imagine they are conflicting somehow.
Due to server restrictions I cannot modify the apache .conf file to add these rules per-directory. Is there a way to have a separate password for the subdirectory (in "sites") that overrides the password in the top level .htaccess file (in "html")?