My .htaccess on Rackspace looks like this:
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path-to-htdocs/.htpasswd
Require valid-user
Now I would expect this to password protect the whole directory, however, it only protects files with .php extension! What is wrong with it? Is it something in the default http.conf that I cannot override? The path used to .htpasswd is correct as it accepts the user/passwd in the case of .php
Look in your httpd.conf file for any <Directory> directives that may be overriding your .htaccess instructions.
Also look at the files in /etc/httpd/conf.d/ directory (depending on which Linux distro you may be on), or wherever else you're keeping files that get included automatically.
Directives in httpd.con file have highest priority, and any directives you issue in .htaccess are only followed if they do not conflict with httpd.conf directives.
