Remove Basic Auth from Subdirectory

Sometimes its essential to lock down your site or a directory using Basic Auth. Basic Auth is a nice simple method of password protecting directories using .htacces files.

But what if you need to make a sub directory of the parent directory that you have password protected, available to the public?

For example, if you have locked down a directory called /private_stuff but you want people to still access /private_stuff/public_stuff without a username and a password.

Easy. Just do the following.

  1. create a new file called .htaccess
  2. in the file put the following code

    Order Deny,Allow
    Allow from all
    Satisfy any
  3. upload that file into /private_stuff/public_stuff

Now, when someone visits /private_stuff/public_stuff they will not be presented with a username and password prompt.