6

I've created an e-commerce site that uses paypal to accept payment. I am in the testing phase so I have password protected the entire site using htaccess. The trouble is that I am using IPN to verify PayPal payments and therefor my IPN script needs to be publicly accessible so that PayPal can communicate with it.

Is there a way to password protect the entire website except allow public access to 1 script file? (my ipn script file)

I'm using PHP and here is my .htaccess that I'm using to password protect the entire site:

AuthName "Site Administratrion"
AuthUserFile /dir/.htpasswd
AuthGroupFile /dev/null

AuthName secure
AuthType Basic
require user username1
order allow,deny
allow from all
justinl
  • 10,448
  • 21
  • 70
  • 88

1 Answers1

9

Put the IPN script in a subdirectory with its own .htaccess that explicitly disables HTTP authentication for the contents of that folder?

Amber
  • 507,862
  • 82
  • 626
  • 550
  • I wasn't sure how to disable the authentication. I tried putting it in its own folder with a blank .htaccess but it didn't change anything. Does anyone know how to disable password protection on a subdirectory? – justinl Sep 16 '09 at 06:47
  • I have asked this question on stackoverflow here: http://stackoverflow.com/questions/1431378/how-to-remove-htaccess-password-protection-from-a-subdirectory If someone can provide me with the answer to that one, I will mark this answer as my accepted solution. – justinl Sep 16 '09 at 06:57
  • 2
    the .htaccess file that goes in the subdirectory needs to have "Satisfy Any" in it. Answered question can be found here: http://stackoverflow.com/questions/1431378/how-to-remove-htaccess-password-protection-from-a-subdirectory – justinl Sep 16 '09 at 07:06
  • Glad you got what you needed. – Amber Sep 16 '09 at 09:46