2

I have three dirs in /var/www/html, one of them has .htacces with following:

Order Allow, Deny
Allow from all
AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
AuthName 'lalalal'
AuthType Basic

Require user lala

When sending request to that dir, server returns 403 instead of 401.
When requesting other dirs, server returns 200.
What is also interesting is that when checking server-info page, there is not a single line refering to protected dir, nor its siblings.

Edit

Error log shows:
'Permission denied: /var/www/html/drugi/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable'
.htaccess file has 644 permissions.

mkvcvc
  • 125
  • 5

2 Answers2

2
Order Allow, Deny
Allow from all

These are not required if you're using HTTP authentication and you can get rid of them. (And Order breaks if there is whitespace after the comma.)

BTW, it's a good idea to keep your htpasswd file outside the web documents directory.

Since you've updated your question with additional information, I would say that you should also check the permissions in the directory with ls -alZ to check both the Unix permissions and the SELinux contexts.

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • I've added them after first encountering the issue, thinking that there is a directive somewhere overriding this .htaccess file. My web root is actually /var/www/html and this is just testing, but thanks for the heads-up anyway. – mkvcvc Jul 28 '12 at 21:53
2

The 403 suggests that there is a permissions error. Check that the apache user has permission to read the .htaccess file and that is has traverse permission on the drugi directory tree, so that would be r-x for other (if it isn't owned by apache)or r-x for owner/group if it is owned by apache or it's group.

user9517
  • 115,471
  • 20
  • 215
  • 297
  • Both directory and containing htaccess have apache:apache as owner. And I've tried setting 755 permissions to both of them to no avail. – mkvcvc Jul 28 '12 at 22:38