Link to home
Start Free TrialLog in
Avatar of coson
coson

asked on

Basic .htaccess problem??

Good Day,

I've setup my .htaccess file

AuthUserFile /my/directory/.htpasswd
AuthGroupFile /dev/null
AuthName TestSite
AuthType Basic
require valid-user

I've setup the .htpasswd

/some/path/2/file/htpasswd .htpasswd testuser
and entered in my password

does anyone have a reason as why I can still get in to my website without authentication?
ASKER CERTIFIED SOLUTION
Avatar of salinasj
salinasj

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of salinasj
salinasj

specifically, look at this part:

require valid-user
order deny,allow
deny from all
first, try this:
edit your httpd.conf file
find the lines that say
User {something here}
Group {something here}

for this example, i will assume it says apache for both
next, exit httpd.com

change to the parent of your document root
cd /var/www

change user.group ownership of the document root tree to apache
chown apache.apache -R html

change permissions of the document root tree to read.write.execute only by apache
chmod 700 -R html

change user.group ownership of your .htpassword file to apache
chown apache.apache .htpasswd

change permissions of your .htpasswd file to read.write only by apache
chmod 600 .htpasswd

next, just for grins, restart apache
service httpd restart


if that doesn't do it, then try this:

edit your httpd.conf file
look at the link i posted for you above.
don't look at the accepted answer, look at my first post.
you will see this:
  <Directory "/var/www/html/admin">
          AuthUserFile /var/www/.htpasswd
          AuthGroupFile /dev/null
          AuthName "Restricted Area"
          AuthType Basic
          require user coson
  </Directory>

put that in your httpd.conf file near end of file somewhere, exit and save.
then do these commands:

htpasswd -c /var/www/.htpasswd coson
(type in your password)
* also do the ownership and permissions steps from above here *
service httpd restart

then try to go to that directory in your browser
(ie: www.mydomain.com/admin/)


both methods should work, but don't use both at same time.
try one. if it doesn't work, try the other.
if neither one works, then there is some other setting preventing it
or something messed up in your httpd.conf file.