0

I have apache 2.4.57 on a windows server. I created a new folder that only needs to display files that can be downloaded. In the httpd.conf file, I added this:

Alias "/pw_files" "f:\www_shared\pw_files" 
<Directory "f:\www_shared\pw_files">
    Require all granted
    Options Indexes
    IndexOptions FancyIndexing HTMLTable FoldersFirst SuppressDescription SuppressLastModified NameWidth=* IconWidth=20 IconHeight=20
    IndexStyleSheet /css/autoindex.css
</Directory>

I created a .htpasswd file in the f:\www_shared\pw_files with this:

AuthType Basic
AuthName "please enter credentials"
AuthUserFile f:\www_shared\pw_files
AuthGroupFile "c:/apache_php/apache/htpasswd_group2.txt"
Require group pw_files

I created a new user:

htpasswd -c f:\www_shared\pw_files\.htpasswd pw_user

I moved the output from .htpasswd into the .htpasswd file in c:\apache_php\apache

In c:/apache_php/apache/htpasswd_group2.txt I have:

pw_files: admin pw_user

I made these changes and restarted.

However, when I go to:

http://www.example.com/pw_files

it takes me right to view the contents of the folder, but I never get the prompt to enter the username and password. I'm not sure what I missed.

1 Answer 1

2

One of the big misconceptions is that Apache password protection and mod-rewrite rules must be placed in .htaccess files. That is false. https://httpd.apache.org/docs/2.4/howto/htaccess.html#when

You clearly have access to the main Apache configuration and httpd.conf ; then it is recommended to place your access restrictions there in the <Directory "f:\www_shared\pw_files"> section you already have.

Second: your f:\www_shared\pw_files appears to be a directory and then AuthUserFile f:\www_shared\pw_files is incorrect as the AuthUserFile directive expects a file path. Use AuthUserFile f:\www_shared\pw_files\.htpasswd instead.

Then: .htaccess files are ignored unless enabled with the AllowOverride directive and the class of directives used in there are allowed.

Last: get rid of the Require all granted directive which basically removes all access restrictions:

Alias "/pw_files" "f:\www_shared\pw_files" 
<Directory "f:\www_shared\pw_files">
    Options Indexes
    IndexOptions FancyIndexing HTMLTable FoldersFirst SuppressDescription SuppressLastModified NameWidth=* IconWidth=20 IconHeight=20
    IndexStyleSheet /css/autoindex.css
    AuthType Basic
    AuthName "please enter credentials"
    AuthUserFile "f:/www_shared/pw_files/.htpasswd"
    AuthGroupFile "c:/apache_php/apache/htpasswd_group2.txt"
    Require group pw_files
</Directory>
1
  • That fixed it, thank you!
    – raphael75
    Commented May 3 at 15:32

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .