ok, it just hit me that my last response was probably too academic for your needs. this part escaped me...
> Apache does all that but only against its files, not against application > generated requests. > Anyway if I do this inside of my <directory> tag: > All requests are going through and my Auth requests for 401 Authentication > are not validated and fail. <Directory> is a filesystem-based container, but it is only one of several ways to configure your server. see also <Location> and <LocationMatch> for URI-based configuration and even <Files> and <FilesMatch> for filename-based configuration. between all of them, and a basic understanding of how the different containers merge, you can effectively apply the Require directive only to the parts of the configuration that you want. see http://httpd.apache.org/docs/sections.html for some helpful guidelines. --Geoff
