Find the answer to your Linux question:
Results 1 to 4 of 4
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    .htaccess password protection does not show up


    i used Dynamic Drive: .htaccess password generator to generate code for .htaccess and .htpasswd

    and i pasted it into my folder

    but its not protected, no password prompt

    AuthName "Restricted Area" 
    AuthType Basic 
    AuthUserFile /home/mysite/.htpasswd 
    AuthGroupFile /dev/null 
    require valid-user

    /home/mysite/.htpasswd i made double sure its correct folder.

    here it is
    [root@vps munin]# pwd
    [root@vps munin]# ls -la
    total 40
    drwxr-xr-x 4 munin munin 4096 Apr  2 20:16 .
    drwxr-xr-x 8 munin munin 4096 Apr  2 19:21 ..
    -rw-r--r-- 1 munin munin  127 Apr  2 20:16 .htaccess
    -rw-r--r-- 1 munin munin   20 Apr  2 20:16 .htpasswd
    drwxr-xr-x 2 munin munin 4096 Apr  2 19:01 cgi
    -rw-r--r-- 1 munin munin 2555 Apr  2 19:00 definitions.html
    -rw-r--r-- 1 munin munin 1464 Apr  2 20:15 index.html
    drwxr-xr-x 2 munin munin 4096 Apr  2 19:00 localhost
    -rw-r--r-- 1 munin munin  473 Apr  2 19:00 logo.png
    -rw-r--r-- 1 munin munin 3538 Apr  2 19:05 style.css
    its there, but not show up any password window on that page..

  2. #2
    Linux Guru
    Join Date
    Dec 2013
    Victoria, B.C. Canada
    I don't know if it has anything to do with it but usually Require is capitalized. I don't know if caps count. Have you looked in your logs or run apachectl configtest?

  3. #3
    Linux User
    Join Date
    Jun 2012
    SF Bay area
    I'm not sure why your config isn't resulting in a user/password challenge screen either. But I have a couple of suggestions that might help you get to a working configuration.

    First, read this page and see if it clears anything up.

    Apache HTTP Server Tutorial: .htaccess files - Apache HTTP Server

    And a couple of key points from that page I'll call out... First, using an ".htaccess" file for configuring an Apache server is generally your fallback when there's some reason you can add the logic to the Apache configuration files. And that's probably more important with authentication than any other sorts of configs.

    So I'd recommend moving the authentication stuff into the appropriate "<Directory>" section in the Apache config instead of putting it in a ".htaccess" file.

    But if there's a reason you have to use ".htaccess", here's a couple of things to consider.

    First, you have to make sure the Apache configuration allows ".htaccess" files to be used and specifically that they allow authentication. Check the page I link for info, but it means looking for "Override" statements in the Apache config. If the ".htaccess" file isn't allowed to override the authentication settings in the Apache config, it will never work.

    And second, your config line say the AuthUserFile file is in "/home/mysite/.htpasswd" but the "pwd" in your screen capture shows "/var/www/munin" as the directory. So unless the home directory for "munin" is "/var/www/munin" then they don't match.

    And finally, it's a bad idea to have the AuthUserFile in your document root. It shouldn't be someplace where people could request it from the webserver.

  4. $spacer_open
  5. #4
    It was indeed that httpd.conf did not allowed any .htaccess to set any rules. (AllowOverride None)

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    <Directory "/var/www/html">
        Options FollowSymLinks
        Order allow,deny
        Allow from all
    as you see in /var/www/html, i assume Override is allowed (when not forbidden)
    but in any other folders like /var/www/munin its not allowed to execute any rules from .htaccess..

    so i added this:
    <Directory /var/www/munin>
        Options FollowSymLinks
        AllowOverride All
    and auth started working.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts