0

I have an Ubuntu 14.04 server, which I have had set up for a fews years with little adjustments. On the server I have a directory Movies which has a .htaccess file in it that requires authentication for viewing. Without touching the server or any files, the authentication from the .htaccess file in the /Movies is now being applied to the root, / and all of its subfolders. The .htaccess file does not contain any BasicAuth (Only the file in the /Movies directory.

How did this happen or more importantly, what can I do to fix this? The BasicAuth has worked great for years in the /Movies folder with it not asking for authentication from the root or other folders. I have checked the .htaccessand site config files and nothing has changed.

Here is the relevant chunk of the .htaccess file in question (/Movies/.htaccess):

AuthType Basic
AuthName "Movies"
AuthUserFile /var/www/Movies/.htpasswd
Require valid-user
Satisfy    any
Order      deny,allow
Deny from  all
Allow from env=ALLOWED
Allow from env=ALLOWED2
Stephen Cioffi
  • 837
  • 1
  • 7
  • 8
  • Can you post the contents of the suspect .htaccess file ? – Felix Jen Feb 11 '16 at 00:36
  • @FelixJen Updated – Stephen Cioffi Feb 11 '16 at 03:11
  • the very design of .htaccess is meant to isolate from higher scopes... i.e. its settings only apply to the directory hosting the file and sub-directories underneath. So it is not likely that your root is inheriting from a lower scope (/Movies/.htaccess), unless your site config or root .htaccess has an Include statement pointing to /Movies/.htaccess... which would be odd. Does your site config or root .htaccess have its own Auth settings? or any Rewrites, Redirects, Aliases...etc. that may be redirecting or mapping down into /Movies? Any clues from access or error logs? – Brandon Harris Feb 11 '16 at 05:29

0 Answers0