.htaccess password protection not working in localhost

.htaccesshtpasswdlocalhost

I tried to implement htaccess password protection for a directory in my localhost.

My htaccess file is situated in /home/Server/Dev. The directory I want to protect is /Dev/. My .htaccess file has the following contents:-

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/admin/.htpasswd 
AuthGroupFile /dev/null 
require valid-user

My .htpasswd file is situated in /home/admin/.htpasswd and has the following content:-

sparky:19m8GEYhMZvMY

But when I try accessing http://localhost/Dev/, password is not asked and the url is directly accessible. Can anyone please point out what I'm doing wrong.

Best Answer

This will most likely be because you have an AllowOverride statement that is disallowing access to .htaccess files. You will need to configure as a minimum

AllowOverride AuthConfig

within a <Directory> block for /home/Server/Dev

<Directory /home/Server/Dev >
    AllowOverride AuthConfig
    ...
</Directory>

Related Solutions

WordPress – Apache authentication inside a WordPress install

Try closing your browser and then trying to connect. You may have cached credentials that are being used.

If you have multiple secured directories with different passwords, use different values for the Authname.

EDIT: Try moving the Require outside the Limit statement. I always group the Auth definitions with the Require statement in the same block.

Your error seems to indicate the requested resource does not exist or is not readable. Try removing your rewrite modifications for admin. The standard rewrite rules work well with directories and files mixed into the Wordpress installation.

You may want to use a LimitExcept block instead of a Limit block to prevent access other than GET or POST. This is my working .htaccess file.

AuthType Basic
AuthName "Restricted Access"
AuthUserFile /etc/wordpress/htpasswd
Require Valid-User
<LimitExcept GET POST>
    Order allow,deny
    Deny from all
</LimitExcept>

Make sure the .ht* files are readable by the web server. I test unauthorized access by changing the user id in the htpasswd file to one I haven't used.

Apache htaccess passwd – ignoring correct login

This was a permissions issue - Apache was unable to access the auth file, so was treating everything as invalid.

Checking the logs revealed:

(13)Permission denied: Could not open password file: /home/user/.htpasswds/my-secret-dir/passwd

Turns out the /home/user/.htpasswds directory had existed before now, and had incorrect permissions on it.

I updated the permissions so Apache was able to access it, and then logging in worked as expected.

Best Answer

Related Solutions

WordPress – Apache authentication inside a WordPress install

Apache htaccess passwd – ignoring correct login

Related Topic