Have sub directory not be password protected using Apache's .htaccess

Question

Currently on my server I have a .htaccess file in the root of my web directory -

AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user`

And this works great properly password protecting my whole site. The only problem is that I have this one sub directory that I DON'T WANT to to be password protected. Is there a way to specify that one specific directory will be free of password protection?

Answer 1

There is a way just using .htaccess. I saw this answer elsewhere

Just create an .htaccess file in the non-password protected subdirectory with the content:

Satisfy any

and that's it.

It worked for me.

Answer 2

If you have access to httpd.conf you can use the following (the "directory" directive cannot be used in .htaccess):

<Directory />
AuthUserFile /path/to/root/www/.htpasswd
AuthType Basic
AuthName "Economic Complexity Observatory"
Require valid-user
</Directory>

<Directory /path/to/unprotected/dir>
Satisfy All
</Directory>

I am not aware of a way to do it with htaccess without putting a separate .htaccess in each directory excluding the directory that should not be protected.