I am loosing hours with this (should-be) simple task. I want to restrict access to my website, which is on my server in /var/www/.
I've created /etc/apache2/passwords file with httpasswd successfuly (user primoz). I've put .htaccess in /var/www/ and this is the content:
AuthType Basic
AuthName "RestrictedFiles"
AuthBasicProvider file
AuthUserFile /etc/apache2/passwords
Require user primoz
My website is still accessible.
I also tried editing the /etc/apache2/sites-enabled/000-default – line AllowOverride None to AllowOverride All. No need to mention that it didn't make any changes.
Should restricting really be this frustrating?
EDIT:
/etc/apache2/httpd.conf is empty by default because I run server on Debian – which uses apache2.conf instead.
Here is the whole apache2.conf.
Best Answer
Enable .htaccess through
httpd.conf
and then put this code in your.htaccess
underDOCUMENT_ROOT
directory:Also make sure mod_authn_core is enabled.