> > Do I also need to add a new entry in httpd.conf or load a new apache > > module? > > Not by default, no. > > There are several AllowOverrides statements in the default httpd.conf. > Which did you modify? > > The one you wanted should be around line 327, looking like this: > > Options Indexes FollowSymLinks > > # > # AllowOverride controls what directives may be placed in .htaccess files. > # It can be "All", "None", or any combination of the keywords: > # Options FileInfo AuthConfig Limit > # > AllowOverride None > > # > # Controls who can get stuff from this server. > # > Order allow,deny > Allow from all > > </Directory> > > Change the AllowOverride to AuthConfig, and that should be just about it. > > You don't want to use the AuthDBMType unless you're using htdbm > instead of htpasswd to generate your password file lists. > > You also need to make sure that apache has access to the area where > you're putting your .htaccess. > > If you're stuffing this in your home directory like it looks above, > apache doesn't have permissions in here unless you've modified your > homedir to 711 from 700. Selinux can also cause some issues in here as > well if you have it enabled and haven't changed contexts. > > Without fully seeing the config that you're using and some info about > the dir you're trying to restrict, it'll be a little harder to offer > more help. I reset AllowOverride to AuthConfig and it's still not working. OK the dir I am trying to password protect (named www) is the home or main or root directory of www.mydomain.com - it is owned by apache The permissions on www were set to 755. .htaccess is located inside www and is also owned by apache. .htpasswd is just below, or outside of www and outside of web access and is also owned by apache. I do have selinux enabled I believe. For my httpd.conf, I have one main configuration file in /etc/httpd/conf and for each virtual domain, I have individual www.mydomain.com.conf files with associated virtual host tags inside, and located in /etc/httpd/conf.d directory. I also tried placing the AllowOverride AuthConfig directive inside the individual conf.d virtual domain files but then apache would not reload, so I took them out and reloaded again. Are the individual conf.d files causing the problem? _________________________________________________________________ Going green? See the top 12 foods to eat organic. http://green.msn.com/galleries/photos/photos.aspx?gid=164&ocid=T003MSN51N1653A -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20080419/fc3cac00/attachment-0004.html>