On Thu, Mar 13, 2008 at 10:31:57AM +0000, Chris G wrote:
I'm trying to prevent outside access to a sub-directory of a directory which *does* allow outside access.
[snip original question]
I now understand the problem a little better and the question *really* is:-
If I have password authenticated access to a directory of my web site how do I *prevent* access to a sub-directory of that directory (using apache directives, obviously I could just prevent apache accessing it by removing permissions).
Adding a "Deny all" directive to the sub-directory does *not* override password authenticated access which has been given by a "Require valid-user" directive in a directory above.
I have sort of got what I want by putting a "Require noOneWhoExists" directive for the sub-directory but I'd really prefer a way to disable the password authentication from happening at all so it just says access denied.