> > > Do I also need to add a new entry in httpd.conf or load a new apache >> > module? > > > >Not by default, no. >> > >There are several AllowOverrides statements in the default httpd.conf. > >Which did you modify? > > > >The one you wanted should be around line 327, looking like this: >> > > Options Indexes FollowSymLinks >> >> # >> # AllowOverride controls what directives may be placed in .htaccess files. >> # It can be "All", "None", or any combination of the keywords: >> # Options FileInfo AuthConfig Limit >> # > > AllowOverride None >> >> # >> # Controls who can get stuff from this server. >> # > > Order allow,deny > > Allow from all >> >> </Directory> >> >> Change the AllowOverride to AuthConfig, and that should be just about it. >> >> You don't want to use the AuthDBMType unless you're using htdbm >> instead of htpasswd to generate your password file lists. >> >> You also need to make sure that apache has access to the area where >> you're putting your .htaccess. >> >> If you're stuffing this in your home directory like it looks above, >> apache doesn't have permissions in here unless you've modified your >> homedir to 711 from 700. Selinux can also cause some issues in here as >> well if you have it enabled and haven't changed contexts. >> >> Without fully seeing the config that you're using and some info about >> the dir you're trying to restrict, it'll be a little harder to offer >> more help. > >I reset AllowOverride to AuthConfig and it's still not working. > >OK the dir I am trying to password protect (named www) is the home or main or root directory of >www.mydomain.com - it is owned by apache The permissions on www were set to 755. .htaccess is located >inside www and is also owned by apache. .htpasswd is just below, or outside of www and outside of web access >and is also owned by apache. > >I do have selinux enabled I believe. > >For my httpd.conf, I have one main configuration file in /etc/httpd/conf and for each virtual domain, I have individual >www.mydomain.com.conf files with associated virtual host tags inside, and located in /etc/httpd/conf.d directory. > >I also tried placing the AllowOverride AuthConfig directive inside the individual conf.d virtual domain >files but then apache would not reload, so I took them out and reloaded again. > >Are the individual conf.d files causing the problem? > In addition to the above, I have tried all three of the two below contents inside of my .htaccess file as suggested: <Location /secure> AuthType basic AuthName "private area" AuthBasicProvider file AuthDBMUserFile /home/maindir/.htpasswd Require valid-user </Location> <Location /secure> AuthType basic AuthName "private area" AuthBasicProvider file Require valid-user </Location> AuthUserFile /home/maindir/.htpasswd AuthType Basic AuthName "My Secret Folder" Require valid-user Going green? See the top 12 foods to eat organic. _________________________________________________________________ Use video conversation to talk face-to-face with Windows Live Messenger. http://www.windowslive.com/messenger/connect_your_way.html?ocid=TXT_TAGLM_WL_Refresh_messenger_video_042008 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20080419/1b92faa4/attachment-0005.html>