Htaccess Authentication Resulting In 404
January 9, 2008 - 9:54am
Hi Luke good to see youCan
Hi Luke good to see you
Can you post your htaccess file?
Is it not a case of failing to authenticate, and as a result being redirected to the 401 forbidden page, which may not exist?
Have you looked in your apache error logs to see what is there? They can be very informative in showing which exact file is being requested.
January 9, 2008 - 9:30pm
Hey Buddy!I did look at the
Hey Buddy!
I did look at the logs, and there were some 401s in there which made no sense to me... but as you explained it, that makes sense. Here's the problem: I'm never asked to authenticate. It just redirects me immediately without giving me a chance to authenticate. At any rate, here's some fun stuff:
.htaccess file of directory to be protected
CODE
AuthType Basic
AuthUserFile /path/to/.htpasswd
AuthName "Please Log In"
Require valid-user
AuthUserFile /path/to/.htpasswd
AuthName "Please Log In"
Require valid-user
I've removed the AuthUserFile before posting this since there was enough info in that line to tell what I'm trying to protect, and since it's obviously not protected at the moment... But the path was correct.
Also some info from the logs:
CODE
68.29.155.217 - - [07/Jan/2008:19:24:59 -0800] "GET /<protected-directory> HTTP/1.1" 401 3412 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
68.29.155.217 - - [07/Jan/2008:19:25:00 -0800] "GET /404.php HTTP/1.1" 200 3595 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
68.29.155.217 - - [07/Jan/2008:19:25:00 -0800] "GET /404.php HTTP/1.1" 200 3595 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
Thanks so much!
Luke
January 10, 2008 - 10:59am
It suggests to me your
It suggests to me your htaccess syntax is not correct (or it is not finding the .htpasswd file).
Are you proving the full, absolute path to the file, or a relative path? Have you checked that it is correct? For example, have you tried this on the shell:
cat /path/to/.htpasswd
Also, and I don't know if this matters or not, but my only working example, plus some examples in the apache docs, are listed in a slightly different order.
CODE
AuthType Basic
AuthName "Please Log In"
AuthUserFile /path/to/.htpasswd
Require valid-user
AuthName "Please Log In"
AuthUserFile /path/to/.htpasswd
Require valid-user
January 10, 2008 - 11:02am
February 2, 2009 - 5:56pm
Check your root .htaccess
It looks like this conversation is pretty old, but I found this while searching google for this issue. I figured I should post back the solution just in case anyone else comes upon this page while searching for the same problem.
Chances are that you have another .htaccess in your web root that is directing requests for files that don't exist into a CMS. When you hit the page requiring authentication, your server may be looking for something like /401.shtml. The request is sent to the CMS (Drupal, Joomla, Wordpress, etc) which essentially throws it's own 404. To fix it, you want to add a directive in your root /.htaccess that doesn't pass control to the CMS when Apache looks for a .shtml file. For example, you may see a couple lines like this in that /.htaccess file:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
Change it to be this:
RewriteCond %{REQUEST_FILENAME} !\.shtml$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
That should hopefully fix it.
Hey all,
I've got a weird problem... whenever I add htaccess authentication within a directory on one of my sites, I always get redirected to my 404 page... anyone encountered this before?
Thanks,
Luke
--
iLuke