3

I am loosing hours with this (should-be) simple task. I want to restrict access to my website, which is on my server in /var/www/.

I've created /etc/apache2/passwords file with httpasswd successfuly (user primoz). I've put .htaccess in /var/www/ and this is the content:

AuthType Basic AuthName "RestrictedFiles" AuthBasicProvider file AuthUserFile /etc/apache2/passwords Require user primoz

My website is still accessible. I also tried editing the /etc/apache2/sites-enabled/000-default - line AllowOverride None to AllowOverride All. No need to mention that it didn't make any changes.

Should restricting really be this frustrating?

EDIT: /etc/apache2/httpd.conf is empty by default because I run server on Debian - which uses apache2.conf instead.

Here is the whole apache2.conf.

Improve this question
4
  • From the sounds of it, it seems that your .htaccess is just not enabled. Is this line: LoadModule rewrite_module modules/mod_rewrite.so uncommented in your httpd.conf? Commented Oct 24, 2012 at 15:40
  • /etc/apache2/httpd.conf is empty and AFAIK is not used anymore by apache. Though I have tried enabling rewrite with sudo a2enmod but also this doesn't solve it :) Commented Oct 24, 2012 at 15:41
  • Are you closing your browser and re-opening before testing this auth each time? Commented Oct 24, 2012 at 15:47
  • No I didn't try that before. I tried it just now and it doesn't help. Commented Oct 24, 2012 at 15:50

3 Answers 3

Reset to default
4

I was able to resolve this. The configuration in /etc/apache2/sites-enabled/000-default had AllowOverride None instead of AllowOverride All.

I was sure I changed this but I guess I reverted the file when it didn't work (don't remember why - probably something else was misconfigured). Anyways, the first paragraph is the solution.

Improve this answer
3

Enable .htaccess through httpd.conf and then put this code in your .htaccess under DOCUMENT_ROOT directory:

AuthType Basic AuthName "RestrictedFiles" AuthUserFile /etc/apache2/passwords Require valid-user

Also make sure mod_authn_core is enabled.

Improve this answer
1
  • I am using Apache 2.2.* and httpd.conf is empty. Also, authn_core doesn't exist via a2enmod! Commented Oct 24, 2012 at 15:53
1

Just looking at mine (which is in use):

AuthUserFile /var/www/www.site.com/htdocs/.htpasswd AuthName Password_secure AuthType Basic require valid-user

You should also edit your apache2.conf and make sure the following are enabled:

LoadModule rewrite_module modules/mod_rewrite.so

And the options/allows:

<Directory /your/path> Options FollowSymLinks AllowOverride All Order deny,allow Deny from all Satisfy all </Directory>

If it's for a virtual host, then this block needs to sit within <VirtualHost></VirtualHost> tags.

Beyond these, It's difficult to see what causing you issues without looking at the full apache2.conf

Improve this answer
4
  • I think my .htaccess is OK. It' just not enabled and I don't know how to enable it. Commented Oct 24, 2012 at 15:55
  • If I put AllowOverride All in apache2.conf and restart the server, it says Syntax error on line 38 of /etc/apache2/apache2.conf: AllowOverride not allowed here. I will put the whole apache2.conf in my question, please review it. Thanks! Commented Oct 24, 2012 at 16:11
  • See my edit - needs to be put in directory tags. Commented Oct 24, 2012 at 16:16
  • I had put this in apache2.conf but - no changes, again! Commented Oct 24, 2012 at 16:19

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.