4

in my htaccess I have below code which is used to save admin* area. If I give wrong username password it keeps poping up for correct usrename but if I press cancel I can see my restriced area instead loading error page, what is wrong? thanks

AuthName "Restricted Area" 
AuthType Basic  
AuthUserFile /home/mydirectory/.htpasswds/.htpasswd 
AuthGroupFile /dev/null 
<Files admin*>
require valid-user
</Files>
user969068
  • 2,818
  • 5
  • 33
  • 64
  • I cannot verify your observation. If I use your example as .htaccess file, it works as it should, i.e. when I press cancel it denies access to any file or directory starting with admin. – Olaf Dietsche Mar 14 '13 at 09:26
  • Thank you for testing but I am facing that issue, also it is on cpanel using codeigniter. – user969068 Mar 14 '13 at 12:11
  • I don't want to imply, that you don't have this problem. Only give feedback, that the .htaccess is fine so far in a simple test environment and the problem might be in some other parts. – Olaf Dietsche Mar 14 '13 at 12:15

4 Answers4

0

Your .htaccess doesn't protect for anything else than admin*.

If you have auto index option enabled for example, it doesn't match the pattern (but having DirectoryIndex set to adminindex for example do so).

Maybe the authentication prompt is related to a resource needed by the page (JS, css, image, favicon) and not the page itself.

Could you try to inspect HTTP response using curl or apache logs ?

This might give you a hint.

curl -vso/dev/null http://localhost/test/
Damien
  • 767
  • 9
  • 13
  • 1
    Thanks, i get 403 response and it prompts again for username/pass, if i press ok without giving username or with wrong username but when hit cancel I can see protect area , it is working properly on my localhost but not on production server. – user969068 Mar 19 '13 at 14:49
  • Could you take a look on the AllowOverride directives to see if something differs from your production servers on your local config ? – Damien Mar 20 '13 at 01:01
0

I had this same issue. For me the problem was a RewriteRule in the htaccess folder in a directory above the one that was password protected.

I resolved my issue by adding RewriteEngine off to the top of the htaccess in the folder I was password protecting.

Michael W
  • 1
0

I found that this behavior occurred when .htaccess was present in the parent directory but not in the actual directory being accessed. Placing another .htaccess file in the directory being accessed stopped this behavior.

Jason Pitt
  • 31
  • 6
0

If you're using wordpress, it's a known issue. Solution here

br4nnigan
  • 646
  • 6
  • 13