This is a portion of /etc/apache2/sites-enabled/000-default that I'm attempting to limit posting to a particular directory:
<Directory /var/www/blog/wp-content/uploads/> AuthType Basic AuthName "Passwords required for file upload:" AuthUserFile /home/blog/legalpasswordfile # Allow anyone to GET, but require password for posting <Limit POST> Require valid-user </Limit> </Directory> Should this work? The goal is to allow anyone to be able to bring up content in that directory from WordPress (GET, etc) but if you want to upload a picture you need to supply a legal password. I've also posted to the WordPress support site to ask if I'm misunderstanding how WordPress handles upload security. /brian chee