directory restricted but files are not

Forum Moderators: phranque

Message Too Old, No Replies

directory restricted but files are not

pernest

9:44 pm on Feb 19, 2010 (gmt 0)

Hello

I am new to using htaccess. I have got so far with my host but now I have run into an 'interesting' problem.

I've managed to restrict a directory which contains two test files index.php and test.php. When I try to access the directory itself I'm prompted for a username and password, if I enter the correct ones then index.php loads. However if I try and access either index.php or test.php then I am allowed to without any restriction.

.htaccess is
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /web2/user7423/website/learning/testing/.htpasswd
AuthGroupFile /dev/null
require valid-user

I know that I'm not supposed to have the .htpasswd file in my web directory but I'm taking this one step at a time. I want to get it working first before I use best practice.

I am using a very restrictive package on the host easily.co.uk, basically I have ftp access and nothing else.

If anyone has any ideas they would be much appreciated.

Paul

jdMorgan

1:43 am on Feb 20, 2010 (gmt 0)

Make sure the .passwd file is not in the protected directory itself (you didn't say).

If you use mod_access (e.g. "Order", "Deny from" and "Allow from"), you may have an "Allow from all" directive that is overriding password access. If this is the case, you may need to add "Satisfy all" or re-arrange your mod_access code so that it doesn't override mod_auth. See "Satisfy" directive documentation in Apache core for details.

The fact that "index.php" is directly-accessible as well as "/" indicates a duplicate-content problem. Since this is a password-protected directory, it's not a problem here. But make sure that all index-page requests in the public directories of your site are 301-redirected to "/" in those same directories to avoid duplicate-content problems.

Jim

pernest

1:37 pm on Feb 20, 2010 (gmt 0)

I've discovered that html files in the directory are protected but the php ones are not. After a bit of searching on this forum I've found other people who've had the same problem and it seems to be down to a poorly configured server. Looks as though I can't sort this out with the limited hosting package I have.