0

i have a basic auth protected directory with :

AuthType Basic 
AuthName "restricted area"
AuthUserFile /path/to/.htpasswd
require valid-user

every thing is ok and directories are not visible , and force to login , but .txt files are visible directly in any browsers , i checked in every browser and its not some login remember problem
example :

test.com/password-dir/

is no visible but

test.com/password-dir/1.txt

is visible

Ali
  • 118
  • 6
  • I don’t think that can be explained by the code you have shown so far. Do you have any rewriting configured on the root level, or anything like that, that might interfere? – CBroe May 26 '21 at 08:06
  • no its has an empty htaccess in root folder , and cpanel is installed . – Ali May 26 '21 at 08:16
  • Can you give us a real URL to one of those text files, so we can check how it behaves for ourselves? – CBroe May 26 '21 at 08:19
  • sorry its an international project and i have not permission to send direct link . any comments? is it possible its server cache or cloud cache ? – Ali May 26 '21 at 08:25
  • 1
    Sure, caching on some level could easily be part of the problem here. – CBroe May 26 '21 at 09:21

1 Answers1

0

For every one who come here from google , or Other search mechanisms I Finally Found The Problem and Fixed it . When You are Using Curl
Its very strange on litespeed server with cache enabled , when you Request a Url with Authentication data ( user and password ) , even if you dont send Authentication data again , Server will always respond to you request . in my case :

test/1.txt

was opened one time with auth data and responded to me , because of this , server always responded well even if im not sending auth data.

but when CURL request to another url link like:

test/2.txt

authentication data needed ; so authentication doesnt have problem and worked well . it was just caching mechanism that let me visit/request the file again without auth data.

Ali
  • 118
  • 6