views:

425

answers:

2

http://httpd.apache.org/docs/trunk/mod/mod_authn_core.html#authtype talks about "AuthType None", and has an awesome example of exactly what I need to do - unfortunately, it appears to be new to 2.3/2.4. Is there any equivalent feature in 2.2?

The authentication type None disables authentication. When authentication is enabled, it is normally inherited by each subsequent configuration section, unless a different authentication type is specified. If no authentication is desired for a subsection of an authenticated section, the authentication type None may be used; in the following example, clients may access the /www/docs/public directory without authenticating:

<Directory /www/docs> 
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user 
</Directory>

<Directory /www/docs/public>
AuthType None
Require all granted
</Directory>
A: 
<Directory /www/docs/public>
AuthType None
Require all granted
Satisfy Any
</Directory>

This will work

Medvedus
A: 

I think you are right: it is not supported in apache 2.2.

I would try the ugly workaround at https://issues.apache.org/bugzilla/show_bug.cgi?id=10932

Something like:

<DirectoryMatch "^/www/docs/(?!public)"> 
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user 
</Directory>

or

<DirectoryMatch "^/www/docs/[^p][^u][^b][^l][^i][^c]"> 
AuthType Basic
AuthName Documents
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user 
</Directory>
Marc MAURICE