enable .htaccess files within ssl.conf

i'm trying to use htaccess files on my secure site but i can't get them to work, i was hoping someone could tell me how to edit the file to allow a subdirectory to be password protected

i.e.  html/secure_dir/

my ssl.conf file roughly looks like this

<IfDefine SSL>
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache         dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:logs/ssl_mutex

SSLRandomSeed startup builtin
SSLRandomSeed connect builtin

<VirtualHost XXX.XXX.XXX.XXX:443>

#  General setup for the virtual host

DocumentRoot "/usr/local/apache/domain/html"
ServerName www.domain.com:443
ServerAdmin admin@domain.com
ErrorLog /usr/local/apache/domain/logs/ssl_error_log
TransferLog /usr/local/apache/domain/logs/ssl_access_log

certificate crap

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars +

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Who is Participating?
gripeConnect With a Mentor Commented:
Do you have an AllowOverride directive set to 'none' somewhere in your config that is cascading down to your Virtual hosts? You may need to set a <Directory> block and 'AllowOverride all' (or whatever .htaccess directives you'd like to allow) on the directory you want to use.
Here is an example of how to configure an .htaccess file to allow for authentication:

AuthType Basic
AuthName "Password Required"
AuthUserFile /www/passwords/password.file
AuthGroupFile /www/passwords/group.file
Require Group admins

Note that you must use htpasswd to set up your password file with the appropriate users.

What is the problem you're seeing exactly? Could you post the contents of the .htaccess file you're trying to use?

philjones85Author Commented:
i haven't seen any documentation that adds directories to the ssl.conf file, i didn't know you could do that.

that was the problem though, i added:

<Directory "/">
        AllowOverride All
        Options FollowSymLinks
        Order allow,deny
        Allow from all

to the ssl.conf file and it works fine now, thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.