Security using .htaccess & .htpasswd files w/ Apache?

  • stanman1
  • Born
  • Born
  • stanman1
  • Posts: 3
  • Loc: Boise, ID

Post 3+ Months Ago

I have Googled the snot out of how to recursively secure web site directories in Apache, and understand the process involved. I've tried to implement it on one of my VirtualHost sites, but I must be missing something because it isn't working.

The site I'm having the problem on is and the directory that should be secured is AP_Java. So the desired end result of this effort is that the URL would automatically prompt visitors to log in before allowing access. All I have in there now is a text file for testing purposes, and I have Directory Indexing disabled to help secure the server. For these reasons, to see what I'm talking about you'd need to access the text file directly via the URL The login prompt doesn't even show at all.

Here's a rundown on my server specs:
* LAMP support (L = RHEL ES 4, A = 2.0.52, M = 4.1.20, P = 4.3.9)
* Site publishing for individuals done via WebDAV

Here's what I've done to this point:

1. Created an .htpasswd file in a folder in the server's Apache root directory. (All 29 web sites are hosted on this same server through VirtualHosts in the Apache config. Because web server configs for each subdomain are handled through Apache includes, I can customize & tune specific options for each subdomain as needed based on individual hosting requirements.)

2. Created an .htaccess file in the AP_Java folder with the following contents (Some specific configs have been excluded for obvious, security reasons):

AuthUserFile /path-from-server-root/.htpasswd
AuthGroupFile /dev/null
AuthName "This directory is protected"
AuthType Basic
require user username

3. Gracefully restarted Apache for good measure

Any theories on why this isn't working correctly? TIA for any help you can give!


Post Information

  • Total Posts in this topic: 1 post
  • Users browsing this forum: No registered users and 6 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum

© 1998-2017. Ozzu® is a registered trademark of Unmelted, LLC.