How to use basic auth for single file in otherwise forbidden Apache directory?
Try this:
<Directory /var/www/html/admin>
<Files allowed.php>
AuthType basic
AuthName "private area"
AuthUserFile /home/webroot/.htusers
Require user admin1
</Files>
order allow,deny
deny from all
satisfy any
</Directory>
Files nested inside a Directory will only apply therein so your code block is more logically organized, and I think using the 'Satisfy any' will allow them to be merged as planned. I'm not sure if it's actually required so try it with and without the satisfy line...
I'm not sure the solution with <Files xxx>
actually works well, as the Require doc page states that it doesn't apply to Files
Context: directory, .htaccess
Instead what the apache doc suggests is to create a separate directory for the file:
Removing controls in subdirectories
The following example shows how to use the Satisfy directive to disable access controls in a subdirectory of a protected directory. This technique should be used with caution, because it will also disable any access controls imposed by mod_authz_host.
<Directory /path/to/protected/>
Require user david
</Directory>
<Directory /path/to/protected/unprotected>
# All access controls and authentication are disabled
# in this directory
Satisfy Any
Allow from all
</Directory>