I have a web server running on ClearOS 6. I would like to protect a couple of directories using .htaccess, but I do not seem to be prompted for a password at all.
Relevant bits of conf file are:

    LoadModule auth_basic_module modules/mod_auth_basic.so
    LoadModule auth_digest_module modules/mod_auth_digest.so
    LoadModule authn_file_module modules/mod_authn_file.so

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/var/www/html">
        Order allow,deny
        Allow from all
    </Directory>

    AccessFileName .htaccess

    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
        Satisfy All
    </Files>

    LogLevel debug

    <Directory "/var/www/icons">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    <Directory "/var/www/cgi-bin">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

    <VirtualHost *:80>
        DocumentRoot /var/www/html
        ErrorLog /var/log/httpd/error_log
        CustomLog /var/log/httpd/access_log combined
    </VirtualHost>

    <Directory /var/www/html>
        Options +Indexes +FollowSymLinks +IncludesNOExec
        AllowOverride All
        Order deny,allow
        Allow from all
        AddType text/html .php
        AddHandler php5-script .php
    </Directory>

My .htaccess file in folder /var/www/html/hidden looks like this:

    AuthName "Restricted Area"
    AuthUserFile /var/www/users
    AuthGroupFile /var/www/group
    AuthName ByPassword
    Authtype Basic
    Require user johnsmith

/var/www/users:
johnsmith:GibberishChangedForHackers
/var/www/group is empty.
If I attempt to access hidden/index.html, I am allowed access with no password prompt. The error log says nothing. The access log shows a normal access.
If, instead of using .htaccess, I add the same auth directives in a
<Directory /var/www/html/hidden>
element, I am asked for a password, so authorisation does actually work. If I add an invalid directive to .htaccess, I get a server error, and an entry in the error log, so .htaccess is getting parsed by Apache.
Answer
Attribution
Source: Link, Question Author: Nikki Locke, Answer Author: Community