Void's Forums

[ZiaTioN]

I have been messing around with password protecting a directory on a web page I am working on for work and have created the neccessary .htaccess and .htpasswd files and set the username and password and such. Now when I browser to an html file I have in the protected directory it shows up without being prompted for a username or password.

Is there something in the apache httpd.conf file I need to set to allow the proper parsing of these files? Anyone know why this would not be working?

My .htaccess file looks like the follwoing:

AuthUserFile /var/www/passwd/.htpasswd
AuthGroupFile /dev/null
AuthName Protected
AuthType Basic
require user <username>

I created the .htpasswd file in a directory outside of my webroot so as to not have a security incident. I used the htpasswd app to create the encrypted password and file. Is there something else I am missing?

[Void Main]

Yes, in your directory configuration in httpd.conf you need to have "AllowOverride All" (or just "AllowOverride AuthConfig" if you want to limit only to authentication). For instance, if you want to be able to use htaccess files anywhere under your web root to restrict access you can find the section in your httpd.conf that starts with "<Directory "/var/www/html"> and under it you add "AllowOverride All", reload Apache and your .htaccess files should now work.

[ZiaTioN]

That did the trick. Thanks a bunch!