.htaccess not working on Cent Os 6.4

.htaccesscentos6.4httpd.conf

I have installed Cent Os 6.4 -Final Version and set the environment for PHP web development.

My application uses the .htaccess for url rewrite & denying direct access of files.

my configuration file of httpd – /etc/httpd/conf/httpd.conf as below,

<Directory "/var/www/html">

#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
    Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
    AllowOverride None

#
# Controls who can get stuff from this server.
#
    Order allow,deny
    Allow from all

</Directory>

When I changed the AllowOverride None to AllowOverride All , it asks for authentication. So it doesn't work for me and gave error as below,

This server could not verify that you are authorized to access the document requested.

Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

My .htaccess looks like, 

deny from all

Best Answer

With an AllowOverride None setting in the httpd.conf the .htaccess file is completely ignored. So you have to change that setting.

When .htaccess files are allowed, apache will check each directory from the DocumentRoot down for the existance of a .htaccess file AND will apply the settings there, before desccending down to the next directory and the .htaccess file there.

E.g. ./www/.htaccess is set to "deny from all" the visitor trying to access /scripts/test/hello-world.php will be rejected, despite ./www/scripts/test/.htaccess possibly having been set to "allow from all".

So if it's not your PHP scripts asking for authentication, you may want to check the higher level directories for .htaccess files.

Related Topic