I realize this is somewhat off topic here, but it wasn’t obvious to me, and it took quite a few google searches to come up a hints, so I thought someone might benefit from this.

I had what I thought was a pretty simple problem. I have a site that is currenlty protected by a password. You know, something like:

AuthType Basic
AuthName “Allow Specific Users”
AuthLDAPURL ldap://localhost:389/dc=domain,dc=com?uid?sub?(objectClass=*)
require valid-user

to protect the whole site. Now, I also needed a subdirectory to be accessible without a password.

That’s easy, I thought, I probably just need to create a or a .htaccess with AuthType None or something. Not so fast! After quite a while, I was starting to think that the only solution was going to be to set the root public, and protect all the sub directories but one.

But in fact the solution is very simple:

just create a .htaccess file and include:

Allow from all
Satisfy Any

And that’s it! Turns out Satisfy Any will let people in if either the require or the Allow matches.