I have a web server running on ClearOs 6. I would like to protect a couple of directories using .htaccess, but I do not seem to be prompted for a password at all. Relevant bits of conf file are:
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory "/var/www/html">
Order allow,deny
Allow from all
</Directory>
AccessFileName .htaccess
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
LogLevel debug
<Directory "/var/www/icons">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
<VirtualHost *:80>
DocumentRoot /var/www/html
ErrorLog /var/log/httpd/error_log
CustomLog /var/log/httpd/access_log combined
</VirtualHost>
<Directory /var/www/html>
Options +Indexes +FollowSymLinks +IncludesNOExec
AllowOverride All
Order deny,allow
Allow from all
AddType text/html .php
AddHandler php5-script .php
</Directory>
My .htaccess file in folder /var/www/html/hidden looks like this:
AuthName "Restricted Area"
AuthUserFile /var/www/users
AuthGroupFile /var/www/group
AuthName ByPassword
Authtype Basic
Require user johnsmith
/var/www/users:
johnsmith:GibberishChangedForHackers
/var/www/group is empty.
If I attempt to access hidden/index.html, I am allowed access with no password prompt. The error log says nothing. The access log shows a normal access.
If, instead of using .htaccess, I add the same auth directives in a <Directory /var/www/html/hidden> element, I am asked for a password, ao authorisation does actually work.
If I add an invalid directive to .htacess, I get a server error, and an entry in the error log, so .htaccess is getting parsed by Apache.
