如何从子目录中删除.htaccess 密码保护

You need to add another .htaccess file to the subdirectory that overrides the authentication. .htaccess cascades upwards, i.e. it will look in the current folder, then go up a level and so on.

You need to create a new .htaccess file in the required directory and include the Satisfy any directive in it like so, for up to Apache 2.3:

# allows any user to see this directory
Satisfy Any

The syntax changed in Apache 2.4, this has the same effect:

Require all granted

Adding to RageZ's answer, I used this in the Server Directives:

<Directory /var/www/protected/>
AuthType Basic
AuthName "Production"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Directory>


<Directory /var/www/protected/unprotected>
Satisfy Any
</Directory>

Awesome. Thanks RageZ!

Simply create a new .htaccess in the desired subdirectory with this directive:

Allow from all

You can restrict to your IP only with :

Allow from x.x.x.x

See : http://httpd.apache.org/docs/current/mod/mod_access_compat.html

If you want to prevent any specific directoty from htaccess authentication then you can use following code in your htaccess file at top.

AuthType Basic AuthName "Enter Pass" AuthUserFile /home/public_html/.htpasswd /*PATH TO YOUR .htpasswd FILE*/ Require valid-user SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow Order allow,deny Allow from env=allow

Also If you want to prevent multiple directories then add

SetEnvIf Request_URI "(/DIRECTORY_NAME/)$" allow

as many time as many directories, you want to remove from htaccess prevention.

Here is a way to allow subdirectory "foo" through the basic authentication from the main .htaccess file on a site:

AuthType Basic
AuthName "Password Required"
AuthUserFile /dir/.htpasswd
Require expr %{REQUEST_URI} =~ m#^/foo/#
Require valid-user

Note: This works in Apache 2.4. I have not confirmed for earlier versions.