I'm trying to set a user name and password to enter directories in my server. I have added this to the document root of my apache server in the .htaccess file:

AuthUserFile /usr/lib/cgi-bin/passwords/.htpasswd
AuthGroupFile /usr/lib/cgi-bin/passwords/.htgroup
AuthName "testing"
AuthType Basic
<Limit GET POST>
require group Admins
</Limit> 

I chmoded: chmod 604 .htaccess

I then created the .htpasswd and .htgroup in the directory /usr/lib/cgi-bin/passwords. Here are those files:

// .htpasswd
yahn:encryptedpassword
// .htgroup
Admins: yahn

I did: htpasswd -c .htpasswd yahn
and set the password like that.

Yes, both .htgroup and .htpasswd were chmoded and have carriage returns at the bottom of them.

I checked to see if mod_auth was loaded, and it was.

I have this in my httpd.conf

<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory "/var/www">
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory> 

I restarted my server, so I know that isn't the issue. I checked my httpd.conf file to make sure I am loading the auth_mod and it is.

When I tried changing the /var/www Directory to deny from all, when I restarted my server I could still visit my website on my computer. I don't know if localhost isn't considered part of all, but I thought that was a little strange.

Does anyone know what the problem could be?