Excluding a directory from a higher-ranking .htaccess file

Hi,

I need to know if its possible to exclude password-protection on a specific
directory using a .htaccess file.

I'm not admin on the server and has to use .htaccess files to control the
pages, eventhough I know it would be smarter to set up some rules in
httpd.conf.
I have a .htaccess file in the root that makes sure the user is asked for
login and password before allowing any access to any
subdirectories/subpages. This works as it should.

Now I need a subdirectory to be completely excluded from the previous
..htaccess, allowing anybody to view the page without asking for passwords.
Is this possible?

I've made several attempts to override the root .htaccess file in many ways,
but it has never worked at all. Has anyone done anything similar and can
point me in the right direction?

signing off.. Martin Sørensen

Martin Sørensen wrote:

> Hi,
>
> I need to know if its possible to exclude password-protection on a specific
> directory using a .htaccess file.
>
> I'm not admin on the server and has to use .htaccess files to control the
> pages, eventhough I know it would be smarter to set up some rules in
> httpd.conf.
> I have a .htaccess file in the root that makes sure the user is asked for
> login and password before allowing any access to any
> subdirectories/subpages. This works as it should.
>
> Now I need a subdirectory to be completely excluded from the previous
> .htaccess, allowing anybody to view the page without asking for passwords.
> Is this possible?
>
> I've made several attempts to override the root .htaccess file in many ways,
> but it has never worked at all. Has anyone done anything similar and can
> point me in the right direction?
>
> signing off.. Martin Sørensen
>
>

I think the way .htaccess works is that it goes through each directory and
reads each .htaccess along the way, and adds up all the rules as it goes.So
probably what's happening is that the 'AuthType Digest' (or whatever) directive
in your root .htaccess file is given more importance than 'AuthType None'in
the directory that's further down the tree.

Just a guess though.
----
Michael Newton
http://mike.rancidcrab.com

>> Now I need a subdirectory to be completely excluded from the previous
>> .htaccess, allowing anybody to view the page without asking for
>> passwords. Is this possible?
> I think the way .htaccess works is that it goes through each
> directory and reads each .htaccess along the way, and adds up all the
> rules as it goes.

From what I've read in the documentation, a new .htaccess file should
completely override a higher-level .htaccess, but from my tests, that
doesn't happen. It is more likely that the rules add up instead of replacing
the old, as you write.

> So probably what's happening is that the 'AuthType
> Digest' (or whatever) directive in your root .htaccess file is given
> more importance than 'AuthType None' in the directory that's further
> down the tree.
> Just a guess though.

Well, you may be right, but then I need to know how to override the
AuthType.

My root .htaccess file looks like this:
----
AuthUserFile /home/blabla/.htpasswd
AuthGroupFile /dev/null
AuthName Restricted
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>
----

signing off.. Martin Sørensen