I have an .htaccess file in a dev folder in the root of a site on a
shared host (identifiable info x'd out):

order deny,allow
deny from all
allow from xxx.xx.x.xxx
AuthType Basic
AuthUserFile /u/e/xxxx/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
require valid-user
satisfy any


This prompts anyone from outside our office IP for a password to access
the dev folder. Unfortunately, as it stands now, it also prompts anyone
who wants to access the pub folder for the same password (the pub and
dev folders are located on the same level in the server).

I had this working before, but lost the original .htaccess file in a
migration. What am I doing wrong that this .htaccess is applying its
restrictions to other folders on the same level as it? I thought
..htaccess restrictions were only supposed to apply to subfolders.

Tx.