Below is my VHost (that is slightly modified to obscure some Web addresses):
1 NameVirtualHost 192.168.1.49:80 2 3 <VirtualHost 192.168.1.49:80> 4 ServerName internal-title.local 5 ServerAlias *.internal-title.local exterior-domain.co.united kingdom *.exterior-domain.co.united kingdom 6 7 <Directory "/var/www/html"> 8 AllowOverride All 9 10 Order deny,allow 11 Deny all 12 13 AuthName "Restricted Development Server" 14 AuthUserFile /var/www/html/.htpasswd 15 AuthType Fundamental 16 Require valid-user 17 18 Allow From 192.168.1. 19 20 Satisfy Any 21 </Directory> 22 23 <Location /open-path > 24 Order Allow,Deny 25 Allow All 26 Deny From None 27 </Location> 28 29 LogLevel debug 30 VirtualDocumentRoot /var/www/html/%1/ 31 </VirtualHost>
Things are working fine - every sub-domain will get its very own folder within /var/www/html. Any demands from 192.168.1.x (with an internal domain map) can observe the website without password prompts. Any demands from exterior IP's (via exterior-domain.co.united kingdom) is going to be motivated for any password.
The issue I'm getting gets that last "location" rule to operate.
Nothing I actually do (whether it is .htaccess or vhost level) using or will disable the password protection for that "/open-path" URL.
In fact - each site about this server is running Drupal which utilizes a URL Rewrite within the .htaccess which maps all non-files onto "?q="... So: http://domain/foo/bar maps to: http://domain/index.php?q=foo/bar
I dont believe that should effect this though, should it?
The main reason I show him is the fact that "/open-path/callback" is needed to become open for a third party API to "ping" the website. I have to test this callback is working before pushing to reside, however I'd rather not unveil the whole site from password protection.
I have attempted setting the place to "/index.php?q=open-path", that isn't labored either.
Any suggestion could be GREATLY appreciated!
This really is in the Apache paperwork: http://httpd.apache.org/docs/2.2/mod/core.html#require
<Directory /path/to/protected/unprotected> # All access controls and authentication are disabled # in this directory Satisfy Any Allow from all </Directory>
This works together with Location too.