How to use a different password in a subdirectory (.htaccess)

Order Deny,Allow
AuthUserFile /var/www/subdir开发者_如何学Pythonectory/.htpasswd
AuthName "Authorization Required"
AuthType Basic
require valid-user

^my .htaccess file.

However, the parent directory has a password.

I want this directory to ask only for one password (even though it asks for the second password, the second password can be left blank. Despite this, i want to remove the second password because it is annoying).

If you want the subdirectory to require the same password as the parent directory, you don't need the .htaccess at all in the subdirectory.

Or are you trying to use a different password in the subdirectory?

[Update:] In which case, you need to limit the parent's require to not include the subdirectory in question — through a FilesMatch directive, for instance. Keep your subdirectory's .htaccess the same, and modify the parent's to include something like:

<FilesMatch "\.(private|dirs|are|listed|here)">
    require valid-user
</FilesMatch>

(It seems that there's no way to negate a FilesMatch regex; but I might be wrong about that.)

.htaccess applies to all the files and subfolders. Your .htaccess file with the following tree structure would password protect dir1/index.html, dir1/subdir1/index.html, and dir1/subdir1/example.html.

- dir1
| - .htaccess
| - index.html
| - subdir1
  | - index.html
  | - example.html

To password protect only subdir1 move the .htaccess file into the subdirectory. With the following structure the protected files are dir1/subdir1/index.html and dir1/subdir1/example.html

- dir1
| - index.html
| - subdir1
  | - .htaccess
  | - index.html
  | - example.html

To password protect a directory except for a subdirectory an additional .htaccess file needs to be placed in the subdirectory to override the options of the parent .htaccess file.

- dir1
| - .htaccess
| - index.html
| - subdir1
  | - .htaccess
  | - index.html
  | - example.html

In dir1/subdir1/.htaccess:

Require all granted

Then dir1/index.html requires a password, but not the files in dir1/subdir1/. See https://httpd.apache.org/docs/2.4/howto/access.html for information on Require all granted.

To require one password for the parent folder and a different password for the child folder:

- dir1
| - .htaccess
| - index.html
| - subdir1
  | - .htaccess
  | - index.html
  | - example.html

In dir1/subdir1/.htaccess use a different AuthUserFile or require a different user/group/requirement:

# Use a different list of Users for this directory
AuthUserFile /var/.htpassrd_subdir1

# Or require a different user
#require user subdir1User

# Or use a different type of authentication altogether
#AuthUserFile /var/www/subdirectory/.htdigest
#AuthName "Subdir1-Realm"
#AuthType Digest
#require valid-user

The authentication cannot be nested. Adding auth to a subdirectory will override the authentication configuration on the parent directory. If both the parent and the child folder are password protected and someone visits a file in the child folder they are prompted for a single password; the password configured for the child folder.