Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
.htaccess password protection does not show up
i used Dynamic Drive: .htaccess password generator to generate code for .htaccess and .htpasswd
and i pasted it into my folder
but its not protected, no password prompt
AuthName "Restricted Area" AuthType Basic AuthUserFile /home/mysite/.htpasswd AuthGroupFile /dev/null require valid-user
/home/mysite/.htpasswd i made double sure its correct folder.
here it is
[root@vps munin]# pwd /var/www/munin [root@vps munin]# ls -la total 40 drwxr-xr-x 4 munin munin 4096 Apr 2 20:16 . drwxr-xr-x 8 munin munin 4096 Apr 2 19:21 .. -rw-r--r-- 1 munin munin 127 Apr 2 20:16 .htaccess -rw-r--r-- 1 munin munin 20 Apr 2 20:16 .htpasswd drwxr-xr-x 2 munin munin 4096 Apr 2 19:01 cgi -rw-r--r-- 1 munin munin 2555 Apr 2 19:00 definitions.html -rw-r--r-- 1 munin munin 1464 Apr 2 20:15 index.html drwxr-xr-x 2 munin munin 4096 Apr 2 19:00 localhost -rw-r--r-- 1 munin munin 473 Apr 2 19:00 logo.png -rw-r--r-- 1 munin munin 3538 Apr 2 19:05 style.css
- Join Date
- Dec 2013
- Victoria, B.C. Canada
I don't know if it has anything to do with it but usually Require is capitalized. I don't know if caps count. Have you looked in your logs or run apachectl configtest?
- Join Date
- Jun 2012
- SF Bay area
I'm not sure why your config isn't resulting in a user/password challenge screen either. But I have a couple of suggestions that might help you get to a working configuration.
First, read this page and see if it clears anything up.
Apache HTTP Server Tutorial: .htaccess files - Apache HTTP Server
And a couple of key points from that page I'll call out... First, using an ".htaccess" file for configuring an Apache server is generally your fallback when there's some reason you can add the logic to the Apache configuration files. And that's probably more important with authentication than any other sorts of configs.
So I'd recommend moving the authentication stuff into the appropriate "<Directory>" section in the Apache config instead of putting it in a ".htaccess" file.
But if there's a reason you have to use ".htaccess", here's a couple of things to consider.
First, you have to make sure the Apache configuration allows ".htaccess" files to be used and specifically that they allow authentication. Check the page I link for info, but it means looking for "Override" statements in the Apache config. If the ".htaccess" file isn't allowed to override the authentication settings in the Apache config, it will never work.
And second, your config line say the AuthUserFile file is in "/home/mysite/.htpasswd" but the "pwd" in your screen capture shows "/var/www/munin" as the directory. So unless the home directory for "munin" is "/var/www/munin" then they don't match.
And finally, it's a bad idea to have the AuthUserFile in your document root. It shouldn't be someplace where people could request it from the webserver.
It was indeed that httpd.conf did not allowed any .htaccess to set any rules. (AllowOverride None)
<Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory "/var/www/html"> Options FollowSymLinks Order allow,deny Allow from all </Directory>
but in any other folders like /var/www/munin its not allowed to execute any rules from .htaccess..
so i added this:
<Directory /var/www/munin> Options FollowSymLinks AllowOverride All </Directory>