restrict access to everything but the default-document

i want to restrict access to everything in a directory with basic
authentication. this works.
i also want everybody to be able to see the default document of the
directory (index.htm in this case) without being prompted for
authentication. this also works.

what i came up with is a .htaccess-file looking like this:

# start of .htaccess
<Files index.htm>
allow from all
satisfy any
</Files>

AuthUserFile PATH-TO-.HTPASSWD
AuthName Name
AuthType Basic
require user USERNAME
# end of .htaccess

this works if i call up www.foo.bar/index.htm
but it does not if i call www.foo.bar/

how can i exclude the directory-root (or whatever this is called) from
authentication so that a visitor could be redirected to the
unprotected default-document?
currently, if i call www.foo.bar/ it asks for authentication and if
correct displays the unprotected index.htm - otherwise a 403 error -
but i want it to display index.htm without authentication and without
calling the explicit URL of index.htm

i'm thankful for any hints,
patrick

On 2004-10-26, Patrick Zesar <pzesar DeleteThis @gmail.com> wrote:
 > how can i exclude the directory-root (or whatever this is called) from
 > authentication so that a visitor could be redirected to the
 > unprotected default-document?

The problem is in the way apache retrive the default document, to do so
he first have to 'scan' the directory, to 'scan' the directory he need
to read all the files in it, to do so, he need authorization. Hence the
authorization window. Unless you hack into mod_auth I don't see a real
option here.

Davide

--
Linux: the dot in "dot org". -- From a Slashdot.org post<!-- ~MESSAGE_AFTER~ -->