Need help with a tricky combination of Allow and Require

I have a directory I need to protect using authentication, but also be able to specify a couple of exceptions using Allow.

I want to allow access from a specific IP, and also allow public access to a specific file. With the config below the allow from the IP address works fine, but the access to the specific file doesn’t work.

Am I doing something bone headed?

Here’s what I have:

<VirtualHost *:80>
        DocumentRoot "/var/www/html/"

        <Directory />
                AuthType Kerberos
                AuthName "Login"

                Satisfy any

                Require valid-user

                Order Allow,Deny

		#Allow anon access from one IP
                Allow from

                 # Allow access to one file name for everyone
                <Files public-file.html>
                        Allow from all


That’s sounds correct to me. What I was concerned about was trying to punch a hole in the allow,deny for a single file (with support files?). THAT is what I don’t believe is possible.



Hi Andrew!

What you’re attempting can’t be done (IMHO) as your objectives appear to be mutually exclusive: Either the directory is protected or it’s not.

Just a comment on the allow,deny: Typically, you use Deny,Allow (order) then Deny from ALL before punching holes in the Deny by Allow with your username/password and/or your LAN address.

With that, I don’t believe that you can “punch a hole” in the directory protection for a single file (and/or supporting files). I believe that you really need to move that file to a different directory (i.e., VirtualHost).

“Bone headed?” Naw, just ambitious with your “wish list.”



Thanks David!

changing the order to Deny,Allow (and adding Deny from all) made it work.

Is that what you were expecting? Reading from the Apache doco “Satisfy any” will cause Apache to accept a match from either the Require directive or the Alloy/Deny combo… That sound right to you?