I want to protect an entire server with Require valid-user
, but I want to allow certain resources to be accessible without a login. For the sake of argument, say that files A
, B
, and C
should be public. I've tested this requirement with the config below:
<Location "/">
...
AuthType openid-connect
Require valid-user
</Location>
<Directory "/var/www/data">
Require all denied
<Files "A">
Allow from all
Satisfy Any
</Files>
<Files "B">
Require all granted
Satisfy Any
</Files>
<Files "C">
Require all granted
</Files>
</Directory>
For this config, A
and B
work as expected (the files can be viewed without a login), but C
doesn't work.
The configuration for file A
(with allow
and satisfy
) is recommended by the 2.4 documentation (under "Another frequent use of the Satisfy directive is to relax access restrictions for a subdirectory").
The config for file B
is the obvious equivalent without allow
, but still requires a satisfy
, since the config for file C
doesn't work.
The problem is that satisfy
is deprecated in 2.5, so how do I get this to work for 2.5? RequireAny
only works within a single directory, unlike satisfy
, so doesn't seem to be the right answer. I haven't tested a RequireAny
that encloses all of AuthType
, Require valid-user
, and Require all granted
for every resource that has to be public - there must be a better way.