Hi, I have my root folder .htaccess protected. Is it possible to allow one of the directories in it (an add-on domian) to be unprotected?

And if so, how?

Many thanks...

Write another ".htaccess" file in it.

Basically, the ".htaccess" file in the root folder applies to everything in it. Likewise, a ".htaccess" file in public_html/theOpenFolder/ will apply to public_html/theOpenFolder and all subfolders in it.

I suspect that won't work. The root directory (public_html/) will be visited first, so you will have to clear the id/password hurdle there before moving on to a lower level directory (the add-on). I haven't heard of any way to "retroactively" cancel out the request for an id/password in a higher level directory. If anyone knows how, that would be useful information to know. I tried it with a password-protected directory, and a directory below it. To go directly to the subdirectory, I first had to enter the id/password for the parent directory. Adding an empty .htaccess to the subdirectory didn't change anything.

I tried the following instructions: http://www.mangoorange.com/2008/09/19/authtype-none/ to add a clause to the parent directory's .htaccess file to permit free access to the subdirectory, but I only got 500 errors ("Directory not allowed here") for my troubles (I left out all the Python stuff and only used the last 3 lines). It's not clear to me whether the technique given is to leave one of a group of sibling directories unprotected, while password protecting the rest, or whether it's supposed to work for a parent-child relationship (which is what you want). I suspect that if there is a way to do that, if would have to be an exception clause <Directory dir-name> in the .htaccess file asking for password control, rather than something in the subdirectory.

As madscape said, you're probably going to have to restructure your primary site so there's nothing valuable in the root directory, and just password-protect lower level directories. Using information on the site I linked to, you may be able to set up password protection for any desired set of directories all in one go, without adding each one separately in cPanel.

Nevertheless, I'd love to know how to exempt lower level directories from a password-protected higher level, so if anyone knows, please post!

Hi !
I have read all the example ,and other stuff but i have some problems conencting my active directory !

If i use the simple context.SECURITY_AUTHENTICATION, i have
this exception : Problem getting attribute: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893

If i do it with none for context.SECURITY_AUTHENTICATION i manage to connect for my AD but when i try to get other data for my AD i can't :
attr = ctx.getAttributes("cn=julien oriano,cn=Users,dc=mgpat,dc=local");
attr has a size of 0 even if this DN exist !


Hashtable env= new Hashtable(11); env.put(Context.SECURITY_AUTHENTICATION,"simple"); env.put(Context.SECURITY_PRINCIPAL,"cn=administrateur,cn=users,DC=local,DC=mgpat");//User
env.put(Context.SECURITY_CREDENTIALS, "pc28xj56");//Password
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL,"ldap://netfinity1:389");

 

What is sounds like to me, is you may actually need a custom login script created.

With a properly created login script, you can setup your pages to not be accessible unless a person is logged in, and only those who login would be able to see anything.

In this case, you would generally have a "portal page" where someone would login at, however this would depend on your exact script being used, and may require additions to every page you have in order to work correctly.