I am using Ubuntu 12.04 and trying to use .htaccess on a page with apache2 server on it.
My .htaccess file looks like this:
AuthType Basic
AuthName "Password Required"
AuthBasicProvider file
AuthUserFile /home/janeb/.htpasswd
require valid-user
/home/janeb/.htpasswd file is:
inb351:$apr1$Ya4tzYvr$KCs3eyK1O2/c7Q9zRcwn..
and /etc/apache2/sites-available/default file is :
UserDir public_html
<Directory ~ "public_html/.*">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
I restarted apache. I have tried to change require valid-user
to require user inb351
. Still no luck. I also tried AllowOverride
with AuthConfig
and AuthConfig Indexes
. So I don't know what else to do, and yes every step that I have tried I restarted apache.
Edit: The exact default file is:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
UserDir disabled vmuser
UserDir public_html
<Directory ~ "public_html/*">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
Best Answer
I suspect that the
apache
user isn't capable of reading/home/janeb/.htpasswd
. Check Apache's error log.That's the only thing I see wrong in the config that's provided, but that might not be the only problem; please provide your full virtual host config. I'd also recommend that you move the authentication config out of the
.htaccess
file - there's no reason for it to be there.EDIT:
The reason the
.htaccess
file isn't being applied is becauseAllowOverride All
isn't being applied to the path where your.htaccess
file resides.The
.htaccess
file needs to be applied at the same time as the<Directory>
blocks - ifAllowOverride
is specified in a<Directory ~ ...>
block then it happens after.htaccess
should have been applied. Since that doesn't work, the documentation specifically warns against it:Add a new block to your config to allow your
.htaccess
files to be used: