So if you want to protect a website with .htaccess and .htpasswd basically you will use
AuthType Basic
AuthName “Password Protected Area”
AuthUserFile /path/.htpasswd
Require valid-user
If you want a subdirectory to be excluded from auth like .well-known , for lets encrypt then a easy way it to create a .htaccess on .well-known directory and place in it
Satisfy any
Other version is to insert into vhosts
<Location /.well-known>
Require all granted
</Location>Another one is to add
SetEnvIf Request_URI “path/to/excluded/directory/” allow
SetEnvIf Request_URI “path/to/excluded/file” allow
Order allow,deny
Allow from env=allow
Satisfy any
And anothe one is to add
Require expr %{REQUEST_URI} =~ m#^/.well-known/acme-challenge/#
Before require valid user
