diff -urNp lighttpd-1.4.8/src/mod_auth.c lighttpd-new2/src/mod_auth.c
--- lighttpd-1.4.8/src/mod_auth.c	2005-11-15 10:29:48.000000000 +0000
+++ lighttpd-new2/src/mod_auth.c	2005-12-31 18:03:59.000000000 +0000
@@ -168,7 +168,7 @@ static int mod_auth_patch_connection(ser
 }
 #undef PATCH
 
-static handler_t mod_auth_uri_handler(server *srv, connection *con, void *p_d) {
+static handler_t mod_auth_subrequest_handler(server *srv, connection *con, void *p_d) {
 	size_t k;
 	int auth_required = 0, auth_satisfied = 0;
 	char *http_authorization = NULL;
@@ -193,11 +193,34 @@ static handler_t mod_auth_uri_handler(se
 	
 	/* search auth-directives for path */
 	for (k = 0; k < p->conf.auth_require->used; k++) {
+                data_string *use_physical;
 		if (p->conf.auth_require->data[k]->key->used == 0) continue;
-		
-		if (0 == strncmp(con->uri.path->ptr, p->conf.auth_require->data[k]->key->ptr, p->conf.auth_require->data[k]->key->used - 1)) {
-			auth_required = 1;
-			break;
+
+                req = ((data_array *)(p->conf.auth_require->data[k]))->value;
+                use_physical = (data_string *)array_get_element(req, "use_physical");
+                if (con->physical.path != NULL && con->physical.path->ptr != NULL && use_physical != NULL && 
+                    use_physical->value->ptr != NULL && strcmp(use_physical->value->ptr, "yes") == 0)
+                {
+                    char resolved_path[PATH_MAX];
+
+                    if (realpath(con->physical.path->ptr, resolved_path) == NULL) continue;
+                    if (strncmp(resolved_path, p->conf.auth_require->data[k]->key->ptr, 
+                                p->conf.auth_require->data[k]->key->used - 1) == 0)
+                    {
+                        auth_required = 1;
+                        break;
+                    }
+                }
+                else if (0 == strncmp(con->uri.path->ptr, p->conf.auth_require->data[k]->key->ptr, p->conf.auth_require->data[k]->key->used - 1)) 
+                {
+                    data_string *authority;
+                    authority = (data_string *)array_get_element(req, "authority");
+                    if (authority == NULL || authority->value->ptr == NULL ||
+                        strcmp(authority->value->ptr, con->uri.authority->ptr) == 0)
+                    {
+                        auth_required = 1;
+                        break;
+                    }
 		}
 	}
 	
@@ -384,7 +407,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 		for (n = 0; n < da->value->used; n++) {
 			size_t m;
 			data_array *da_file = (data_array *)da->value->data[n];
-			const char *method, *realm, *require;
+			const char *method, *realm, *require, *authority, *use_physical;
 			
 			if (da->value->data[n]->type != TYPE_ARRAY) {
 				log_error_write(srv, __FILE__, __LINE__, "sssbs", 
@@ -393,7 +416,7 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 				return HANDLER_ERROR;
 			}
 					
-			method = realm = require = NULL;
+			method = realm = require = authority = use_physical = NULL;
 					
 			for (m = 0; m < da_file->value->used; m++) {
 				if (da_file->value->data[m]->type == TYPE_STRING) {
@@ -403,6 +426,10 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 						realm = ((data_string *)(da_file->value->data[m]))->value->ptr;
 					} else if (0 == strcmp(da_file->value->data[m]->key->ptr, "require")) {
 						require = ((data_string *)(da_file->value->data[m]))->value->ptr;
+					} else if (0 == strcmp(da_file->value->data[m]->key->ptr, "authority")) {
+						authority = ((data_string *)(da_file->value->data[m]))->value->ptr;
+					} else if (0 == strcmp(da_file->value->data[m]->key->ptr, "use_physical")) {
+						use_physical = ((data_string *)(da_file->value->data[m]))->value->ptr;
 					} else {
 						log_error_write(srv, __FILE__, __LINE__, "sssbs", "unexpected type for key: ", "auth.require", "[", da_file->value->data[m]->key, "](string)");
 						return HANDLER_ERROR;
@@ -462,6 +489,26 @@ SETDEFAULTS_FUNC(mod_auth_set_defaults) 
 				buffer_copy_string(ds->value, require);
 				
 				array_insert_unique(a->value, (data_unset *)ds);
+
+                                if (authority)
+                                {
+                                    ds = data_string_init();
+
+                                    buffer_copy_string(ds->key, "authority");
+                                    buffer_copy_string(ds->value, authority);
+
+                                    array_insert_unique(a->value, (data_unset *)ds);
+                                }
+
+                                if (use_physical)
+                                {
+                                    ds = data_string_init();
+
+                                    buffer_copy_string(ds->key, "use_physical");
+                                    buffer_copy_string(ds->value, use_physical);
+
+                                    array_insert_unique(a->value, (data_unset *)ds);
+                                }
 				
 				array_insert_unique(s->auth_require, (data_unset *)a);
 			}
@@ -609,7 +656,7 @@ int mod_auth_plugin_init(plugin *p) {
 	p->name        = buffer_init_string("auth");
 	p->init        = mod_auth_init;
 	p->set_defaults = mod_auth_set_defaults;
-	p->handle_uri_clean = mod_auth_uri_handler;
+	p->handle_subrequest_start = mod_auth_subrequest_handler;
 	p->cleanup     = mod_auth_free;
 	
 	p->data        = NULL;