I would like to use a .htaccess and a .htpasswd file to protect access to a website.

The following code successfully brings up the auth dialog when visiting mysite.com. But when visiting mysite.com/index.html the auth dialog does not appear and the website can be accessed without protection.

.htaccess

```apache
AuthUserFile /path/to/.htpasswd
AuthType Basic
AuthName "Password Protected"
Require valid-user
```

What do I need to change to ensure that mysite.com/index.html is protected as well?


I have tried adding:

```apache
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
```

and also:

```apache
<Files "index.html">
  Require valid-user
</Files>
```

Neither makes any difference to the problem.

Ben
  • What you have in the .htaccess should achieve that on its own already. I guess your “problem” here is simply that you have entered the credentials already when you accessed `mysite.com`? The browser will remember those credentials until it gets closed, and automatically send them for any other URLs from that same realm … Try opening `mysite.com/index.html` in a new, private tab, and see what happens then. – 04FS Oct 21 '19 at 12:21
  • Nope, already tried that. – Ben Oct 21 '19 at 12:28
  • There is no reason why it should behave like that, based on those few lines of .htaccess code you have shown. – 04FS Oct 21 '19 at 12:33
  • I've tried a private Chrome window, which lets me access index.html without the auth pop-up. However, both in Firefox and Safari I do get the pop-up for index.html, but the site is already loaded behind it. – Ben Oct 21 '19 at 12:41
  • That sounds as if some resource that you embedded into the index.html was triggering this then in FF and Safari, and not that main document itself. – 04FS Oct 21 '19 at 12:44

1 Answer

Maybe you could try it with

```apache
AllowOverride AuthConfig
```

If I remember it right, it is not activated by default :)

You can get more information in the official Apache docs:

https://httpd.apache.org/docs/2.4/howto/auth.html

bomel2k9
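
A check for the question above, as an added example that is not part of the original question or answer: requesting each path with no `Authorization` header shows what the server itself enforces, independent of any credentials a browser has cached. The local handler is a constructed stand-in for the reported behaviour, and `check_paths` and `demo` are hypothetical names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class MisconfiguredHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the symptom in the question:
    '/' demands Basic auth, '/index.html' is served to anyone."""
    def do_GET(self):
        if self.path == "/index.html":
            self.send_response(200)
            self.send_header("Content-Length", "2")
            self.end_headers()
            self.wfile.write(b"ok")
        else:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="Password Protected"')
            self.send_header("Content-Length", "0")
            self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

def check_paths(host, port, paths):
    """Request each path without credentials; return {path: verdict}."""
    results = {}
    for path in paths:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request("GET", path)  # no Authorization header, no redirect following
        resp = conn.getresponse()
        resp.read()
        challenge = resp.getheader("WWW-Authenticate", "")
        if resp.status == 401 and challenge.lower().startswith("basic"):
            results[path] = "protected"
        elif 300 <= resp.status < 400:
            results[path] = "redirect to " + resp.getheader("Location", "?")
        else:
            results[path] = "UNPROTECTED (HTTP %d)" % resp.status
        conn.close()
    return results

def demo():
    server = HTTPServer(("127.0.0.1", 0), MisconfiguredHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return check_paths("127.0.0.1", server.server_port, ["/", "/index.html"])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for path, verdict in demo().items():
        print(path, "->", verdict)
```

Pointing `check_paths` at the real host and port, with every embedded resource path added to the list, separates a server-side gap from a browser replaying remembered credentials.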