I want to protect an entire virtual host in Apache, but I still want to allow public access to a single file. The virtual host proxies all requests to a Tomcat server on the back end. What's the best way to do this?
I tried setting up my virtual host definition as follows, but it still requires a password for the file I want to be exposed publicly:
<VirtualHost *>
ServerName example.com
<Location / >
Order Allow,Deny
Allow from all
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/apache2/secrets.htpasswd
Require valid-user
</Location>
<Location /foo/bar.html>
Order Allow,Deny
Allow from all
</Location>
</VirtualHost>
Any suggestions?
Both <Location> sections apply to your file, and so they are both processed for it in order. http://httpd.apache.org/docs/2.0/sections.html Your second section doesn't override anything from your first, so the AuthType and Require directives, etc, remain intact.
If you add the directive "Satisfy any" directive (http://httpd.apache.org/docs/2.0/mod/core.html#satisfy) in the latter section, I believe that should allow all traffic thanks to your "Order Allow,Deny" and "Allow from all". You can leave out repeating those two directives, though.