Fork me on GitHub


Simple, but handy .htaccess tricks

July 10, 2009 | Code, Computers

These two have always been questions in my mind but until recently I’ve never had the need to actually put time in to satisfying my curiosity and as I look around I haven’t (easily) found any real world examples of these out there.

So, we all know how to set up basic HTTP authentication, right? Good. Here we go…

Please re-read this post. It has been corrected for erroneous information!

You might have something like this in your .htaccess file:

AuthType Basic
Require valid-user
AuthName "Halt! Who goes there?"
AuthUserFile /www/passwords/.passwd

Now with just a few tweaks we can make less of a simple all or nothing wall between your users and the content and set some of it free.

Allowing Access via IP Address

So, you want to require a password to outsiders but you and your co-workers are getting tired of entering the username and password for every small visit needed to the site? If your office has a static IP address, allow it.

AuthType Basic
Require valid-user
AuthName "Halt! Who goes there?"
AuthUserFile /www/passwords/.passwd
Allow from
Satisfy Any

What we’re telling Apache is to allow access from the IP address and to Satisfy any of the access requirements. If Satisfy were set to all, access would require username, password and IP address matches to grant access.

Unprotecting Content

Sometimes we need to poke holes in the wall to allow unfettered access to one resource or another. This is pretty straight forward.

First off, lets allow access to an entire directory. In the directory you want to open up, make a .htaccess file and add just this code:

Satisfy Any
Allow from all

We pretty much just tell Apache that anyone should be let in and all auth directives should be considered satisfied.

But maybe we don’t want to give full access to everything in that folder. Maybe its just one file. That can be done too. All we need to do is use the Apache Files directive to provide a filename to allow access to.

<Files file.html>
Satisfy Any
Allow from all

Lastly, this can also be done for a series of files based on regex filename matching. This code allows access to images without requiring auth:

<FilesMatch "\.(gif|jpe?g|png)$">
Satisfy Any
Allow from all

And that’s not all

This is really just scratching the surface, but for a lot of day to day needs of projects in development that shouldn’t be opened up to the whole world these guys can go a long way to helping make life just a little bit easier.

8 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  • Super tips. Thanks for looking in to this subject.

    Charley Ramm, July 30, 2009 8:07 am | permalink

  • For me works specified deny-allow order, like:
    AuthType Basic
    Require valid-user
    AuthName “Halt! Who goes there?”
    AuthUserFile /www/passwords/.passwd
    Order deny,allow
    Deny from all
    Allow from
    Satisfy Any

    tjn, May 5, 2013 5:59 am | permalink

  • When I tried “Allow from all”, Apache 2.2.15 gave an error: “allow not allowed here”. I tried “require none”, and that worked.

    David Burns, August 16, 2013 9:19 pm | permalink

  • Tice easy tip on unprotecting a single directory, I was going the hard route. Thanks!

    Wes, September 4, 2013 1:59 pm | permalink

  • Hi,
    The Satisfy directive is no available for Files. Only for Directory.
    Remove that line and you will see that it behaves the same.

    Razvan, May 5, 2014 7:02 am | permalink


  1. Simple, but handy .htaccess tricks | UK Web Designer

    […] Simple, but handy .htaccess tricks Categories: Development Tags: class-infrastructure, day-needs, flesh-out-some, […]

    July 11, 2009 | 12:15 am

  2. Around the web |

    […] Simple, but handy .htaccess tricks […]

    July 12, 2009 | 1:23 pm

  3. blogmarks for 2009-07-13 | I Live In Success

    […] Simple, but handy .htaccess tricks | The Gippy Pages […]

    July 14, 2009 | 6:02 pm

Comments are closed