Password Protect All but One File (htaccess)

by Brett on July 20, 2008

Once in a while need to allow someone access to one file but no other files in the same directory. I often solve this problem by moving the one file to a sub directory and then adding the following to an htaccess file in that same sub directory.

allow from all
satisfy any

This normally works well but is not a perfect solution since it is not always appropriate to move the file to a different directory. So, I took the time and figured out how to password protect everything but one file. Below is the basic password protection that I had in the htaccess file that blocked everything in the directory (and sub-directories).

AuthGroupFile /dev/null
AuthName "A Blog"
AuthType Basic
AuthUserFile /path/to/.htpasswd
require valid-user

Now in order to exclude a file I just had to add the following below the above six lines of code.

<Files "page.html">
  Allow from all
  Satisfy any
</Files>

Of course this can be taken one step further if you wanted to exclude multiple files from password protection.

<FilesMatch "(page1\.html)|(page2\.html)">
  Allow from all
  Satisfy any
</FilesMatch>

FilesMatch can take a regular expression so you don’t necessarily have to list out each file. The below code will also accomplish the same thing (as above).

<FilesMatch "page[1-2]\.html">
  Allow from all
  Satisfy any
</FilesMatch>
  • RL

    Thank you sir, you’re a lifesaver :)

  • Good article! Completely solved my problem, I was busy playing with in the httpd.conf…

  • Hey man, just so you know, a htmlspecialchars() or similar is lacking in the plugin used to print code in this article.
    Thus, tags like are not shown.

  • Jorge Portillo

    You are the shit! thank you very much. You just saved my life

  • CP

    Simple, yet completely effective. I can now exclude add-on domains from my password protection. Thank you for sharing!

  • Kim

    Hi there, how would you exclude a specified folder instead of just file(s)?

  • Hi
    I have a question ,How to protect only one folder ,for example

    http://www.example.com must be allow to access but http://www.example.com /admin/ this must restricted by ht-password ,is it possible ? please let me know .Thanks in advance !

  • Jani

    Are you missing the closing ??

  • Manuel

    Thanks for sharing. Just would like to mention that in the 3rd code example the closing tags for are missing.

Previous post:

Next post: