0

i have a mini website below my sites default files directory and i am trying to make it be password protected with the following .htaccess file which i put in that same directory:

#Protect Directory
AuthName "Dialog prompt"
AuthType Basic
AuthUserFile /Users/dianacastillo/Projects/dam/web/sites/default/files/microsites/food-lineup/.htpasswd
Require valid-user

I also created an .htpasswd file in the same directory.

however when i browse to this directory from the site, it does not ask for any authentication. what could be wrong?

MrWhite
  • 43,179
  • 8
  • 60
  • 84
Diana
  • 234
  • 1
  • 4
  • 15
  • Are you simply serving static files from this directory? Are `.htaccess` overrides enabled for this subdirectory? Add any nonsense to the file, do you get an error? – MrWhite Jan 03 '22 at 20:42
  • i'm in ddev and i put this file in /etc/apache2/apache2.conf AllowOverride AuthConfig # The Options below is an example. Use what you deem is necessary. Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec Order allow,deny Allow from all – Diana Jan 04 '22 at 16:30
  • i figured it out see my answer below. thanks – Diana Jan 05 '22 at 16:30
  • Thanks for the feedback. Glad you got it working, although that `` container isn't necessarily correct... it appears to cover a different directory than the one stated in the question? `MultiViews` and `Indexes` should probably be disabled (not enabled) and the `Order` and `Allow` directives are Apache 2.2 directives (I would assume you are on 2.4?) and could conflict with the `Require` directive in `.htaccess`. – MrWhite Jan 05 '22 at 18:43

1 Answers1

1

this didnt work because i was using ddev . ddev uses nginx, not apache , i switched to apache in the conf.yaml for ddev and now it works.

Diana
  • 234
  • 1
  • 4
  • 15