I want to password protect a directory. I'm running Apache 2 with cPanel on Centos.
For the sake of this post, the directory is /home/user/my-secret-dir
I used cPanel's "Password Protect Directories" to create the login details, which it stored in a new /home/user/.htpasswds/my-secret-dir/passwd file.
What it didn't do is create the AuthType configuration anywhere - I could simply access the directory without prompts (it's just got a generic index.html whilst I get this working).
So I created /home/user/my-secret-dir/.htaccess myself, with the following contents:
AuthType Basic
AuthName "My Secret Directory"
AuthUserFile "/home/user/.htpasswds/my-secret-dir/passwd"
require valid-user
This now causes the browser to prompt for login details, but upon entering the correct username and password it behaves as if they were wrong and re-prompts for the details.
The details I'm entering are definitely correct.
I've previously setup a password protected directory on this same server (though for different account/domain) and that worked fine (and still works), and I've compared the two and can't see any significant differences.
Any ideas what might be causing the continual prompts, and how I can fix it?
This was a permissions issue - Apache was unable to access the auth file, so was treating everything as invalid.
Checking the logs revealed:
Turns out the
/home/user/.htpasswdsdirectory had existed before now, and had incorrect permissions on it.I updated the permissions so Apache was able to access it, and then logging in worked as expected.