I'm having a bit of a problem. I have set up a .htaccess file in a sub-directory under my web-root directory.

This is the contents of my .htaccess file:
AuthUserFile /var/www/html/usage/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require valid-user

My web root dir is /var/www/html

I have an .htaccess file in that directory as well to prevent directory listings. It works there for that, but the password one does not.

Any ideas?

John

Sounds to me like you do not have permission to set the "LIMIT" access rights for that directory. You may need to check your apache config file and see if there is an "AllowOverride" for either the directory in question or one of its parents and what options you are allowed to "override" with htaccess.

I did have the following in my httpd.conf:

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>

I tried changing the None to All and also commenting out all the lines and the page did not ask for a password when I accessed it.

John

Is there a "Directory" directive in your conf file that references either "/var/www/html" or maybe "/var/www"? The "AllowOverride" there (assuming there is one) is probably what's messing you up.
If you switch it to "ALL" (or at least LIMIT) and
restart apache, you should see the password prompt when you reload the page.

Note that it's the last "AllowOverride" in the directory tree that matters. If "/" is set to "ALL" and "/var/www" is set to "NONE", you get none in every subdir of "/var/www", unless of course there's another entry for "/var/www/html" (and so on).

Thanks, there was a second entry. When I changed that from None to All, it asked me for my password.

John

Hmm. Also, shouldn't passwd files be outside the webroot?..

I did have the .htpasswd file in the directory I was trying to password protect.

John