.htaccess. deny root, allow specific subfolder. Possible?

How about a .htaccess at the root directory, with the following lines?

RewriteEngine On
# check if request is for subdomain
RewriteCond %{HTTP_HOST} ^sub.mydomain.com$ [NC]
# check if  'test' isnt part of request
RewriteCond %{REQUEST_URI} !^/test/?(.*)$ [NC]
# if subdomain and no 'test' part, redirect to main domain...
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R,L]

So if the '/test/' section is present, no redirect takes place...

Try create .htaccess file in sub.mydomain.com for deny, and in sub.mydomain.com/test for allow.

Or you can redirect from http://sub.mydomain.com/ to deny subdir.

I know this is a very old thread, but I've been struceling with exactly this scenario for several days and finally got it to work, thus I thought I'd share my solution for further reference.

As of Apache version 2.4 (I guess), it's possible to use directive <RequireAll> and <RequireAny>. This can be used to allow access to specific subfolders.

My solution for .htaccess (inspired from this site: https://www.the-art-of-web.com/system/apache-authorization/):

SetEnvIf REQUEST_URI "^/test/.*" PUBLICACCESS
# Use for multiple subfolders:
# SetEnvIf REQUEST_URI "^/(?:test|test2|test3|test4)/.*" PUBLICACCESS
<RequireAny>
    <RequireAll>
        # Public access
        Require env PUBLICACCESS
        Require all granted
    </RequireAll>
    <RequireAll>
        # Require user and password
        AuthType Basic
        AuthName "Secured"
        AuthUserFile /var/www/example.com/.htpasswd
        Require valid-user
    </RequireAll>
</RequireAny>

.htaccess directives apply to that directory, and all subdirectories thereof, so you should disallow access in your DocumentRoot,

http://sub.mydomain.com/.htaccess:

Order deny,allow
Deny from all

And override that in any specific subdirectories you would like to allow access to,

http://sub.mydomain.com/test/.htaccess:

Order allow,deny
Allow from all