Password Protect All but One File (htaccess)

by Brett on July 20, 2008

Once in a while need to allow someone access to one file but no other files in the same directory. I often solve this problem by moving the one file to a sub directory and then adding the following to an htaccess file in that same sub directory.

allow from all
satisfy any

This normally works well but is not a perfect solution since it is not always appropriate to move the file to a different directory. So, I took the time and figured out how to password protect everything but one file. Below is the basic password protection that I had in the htaccess file that blocked everything in the directory (and sub-directories).

AuthGroupFile /dev/null
AuthName "A Blog"
AuthType Basic
AuthUserFile /path/to/.htpasswd
require valid-user

Now in order to exclude a file I just had to add the following below the above six lines of code.

<Files "page.html">
  Allow from all
  Satisfy any
</Files>

Of course this can be taken one step further if you wanted to exclude multiple files from password protection.

<FilesMatch "(page1\.html)|(page2\.html)">
  Allow from all
  Satisfy any
</FilesMatch>

FilesMatch can take a regular expression so you don’t necessarily have to list out each file. The below code will also accomplish the same thing (as above).

<FilesMatch "page[1-2]\.html">
  Allow from all
  Satisfy any
</FilesMatch>

Previous post:

Next post: