Ubuntu – .htaccess does not ask the password

.htaccessapache-2.2Ubuntu

I am using Ubuntu 12.04 and trying to use .htaccess on a page with apache2 server on it.
My .htaccess file looks like this:

AuthType Basic
AuthName "Password Required"
AuthBasicProvider file
AuthUserFile /home/janeb/.htpasswd
require valid-user

/home/janeb/.htpasswd file is:

inb351:$apr1$Ya4tzYvr$KCs3eyK1O2/c7Q9zRcwn..

and /etc/apache2/sites-available/default file is :

UserDir public_html
<Directory ~ "public_html/.*">
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all  
</Directory>

I restarted apache. I have tried to change require valid-user to require user inb351. Still no luck. I also tried AllowOverride with AuthConfig and AuthConfig Indexes. So I don't know what else to do, and yes every step that I have tried I restarted apache.

Edit: The exact default file is:

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride None
    Order allow,deny
    allow from all
</Directory>
    UserDir disabled vmuser
    UserDir public_html
<Directory ~ "public_html/*">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    Order allow,deny
    Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

Best Answer

I suspect that the apache user isn't capable of reading /home/janeb/.htpasswd. Check Apache's error log.

That's the only thing I see wrong in the config that's provided, but that might not be the only problem; please provide your full virtual host config. I'd also recommend that you move the authentication config out of the .htaccess file - there's no reason for it to be there.

EDIT:

The reason the .htaccess file isn't being applied is because AllowOverride All isn't being applied to the path where your .htaccess file resides.

The .htaccess file needs to be applied at the same time as the <Directory> blocks - if AllowOverride is specified in a <Directory ~ ...> block then it happens after .htaccess should have been applied. Since that doesn't work, the documentation specifically warns against it:

AllowOverride is valid only in <Directory> sections specified without regular expressions, not in <Location>, <DirectoryMatch> or <Files> sections.

Add a new block to your config to allow your .htaccess files to be used:

<Directory /home>
    AllowOverride All
</Directory>
Related Topic