Apache AuthN and AuthZ

Apache's docs are at:
http://httpd.apache.org/docs/2.2/howto/auth.html

You may want to have access control (location based) as well;
http://httpd.apache.org/docs/2.2/howto/access.html

One question that comes up, is how to have overlapping security. Here's a good example of how to secure the root, but allow an inner path to be open
http://ertw.com/blog/2007/08/23/apache-and-overlapping-location-directives/

 <Location />
	AuthType Basic
	AuthName "protected"
	AuthUserFile "....."
	require valid-user
</Location>
<Location  /Api/ >
	Order Allow,Deny
	Deny from none
	Allow from all
	# This means that either the "require valid-user" from above
	#or the above order (ie everyone) will work.
	# Without it, you get prompted
	Satisfy Any
</Location>


Comments