Directory protection does not update .htaccess

Luana Premoli

Well-Known Member
Oct 3, 2016
68
7
8
São Paulo/Brazil
cPanel Access Level
Root Administrator
Hi,

When accessing the Directory Privacy option in cPanel, passwd is created but the .htaccess entry is not created, so when accessing the address the password is not required.


Code:
[email protected] [/home/zabbixhgmxco]# cd .htpasswds
[email protected] [/home/zabbixhgmxco/.htpasswds]# ll
total 12
drwxr-x---  3 zabbixhgmxco nobody       4096 Jul 25 16:47 ./
drwx--x--x 30 zabbixhgmxco zabbixhgmxco 4096 Oct  7 15:04 ../
drwxr-x---  3 zabbixhgmxco nobody       4096 Dec  3 13:03 public_html/
[email protected] [/home/zabbixhgmxco/.htpasswds]# cd public_html/
[email protected] [/home/zabbixhgmxco/.htpasswds/public_html]# ll
total 12
drwxr-x--- 3 zabbixhgmxco nobody 4096 Dec  3 13:03 ./
drwxr-x--- 3 zabbixhgmxco nobody 4096 Jul 25 16:47 ../
drwxr-x--- 2 zabbixhgmxco nobody 4096 Dec  3 13:21 TESTEHG/
[email protected] [/home/zabbixhgmxco/.htpasswds/public_html]# cd TESTEHG/
[email protected] [/home/zabbixhgmxco/.htpasswds/public_html/TESTEHG]# ll
total 12
drwxr-x--- 2 zabbixhgmxco nobody       4096 Dec  3 13:21 ./
drwxr-x--- 3 zabbixhgmxco nobody       4096 Dec  3 13:03 ../
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco   93 Dec  3 13:21 passwd
[email protected] [/home/zabbixhgmxco/.htpasswds/public_html/TESTEHG]#
[email protected] [/home/zabbixhgmxco/.htpasswds/public_html/TESTEHG]#
[email protected] [/home/zabbixhgmxco/.htpasswds/public_html/TESTEHG]# cat passwd
testehg:$apr1$VoCDgz_y$eZkxNgwMT9FkPAjdQ3O1m/
testehg2:$apr1$rtSBCJuy$8GeSiYNLZnpoKjE6aKhNm1
[email protected] [/home/zabbixhgmxco/.htpasswds/public_html/TESTEHG]#

Code:
[email protected] [/home/zabbixhgmxco]# for file in $(find -name  .htaccess); do ls -lt  $file ; done
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 299 Aug 19 22:26 ./subdomain.zabbix.hgmxco.net/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 112 Jul 15 09:42 ./.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 45 Oct 27  2016 ./public_html/lpremoli/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 362 Aug 19 22:26 ./public_html/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 337 Sep 25  2018 ./public_html/app-old/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 298 Aug 19 22:26 ./public_html/zabbixreport.com.br/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 299 Aug 19 22:26 ./public_html/app/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 299 Aug 19 22:26 ./public_html/luana.com/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 42 Sep 25  2018 ./public_html/loppremoli.com/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 255 Mar  7  2018 ./public_html/wordpress/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 150 Nov 30  2018 ./public_html/wordpress/wp-content/ai1wm-backups/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 629 Jun 18  2018 ./public_html/wordpress/wp-content/plugins/akismet/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 350 Jul 25 16:50 ./zabbixreport.com.br/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 13 Jul  7  2017 ./.composer/.htaccess
-rw-r--r-- 1 zabbixhgmxco zabbixhgmxco 13 Jul  7  2017 ./.composer/cache/.htaccess


If manually entered in .htaccess password is required when accessing address


Code:
AuthType Basic
AuthName "zabbixhgmxco"
AuthUserFile "/home/zabbixhgmxco/.htpasswds/public_html/TESTEHG/passwd"
require valid-user



This happens on two different servers:


Code:
[email protected] [~]# grep '' /etc/redhat-release /usr/local/cpanel/version /var/cpanel/envtype; uname -r
/etc/redhat-release:CentOS release 6.10 (Final)
/usr/local/cpanel/version:11.82.0.19
/var/cpanel/envtype:virtuozzo
2.6.32-042stab133.2
[email protected] [~]#

Code:
[[email protected] ~]# grep '' /etc/redhat-release /usr/local/cpanel/version /var/cpanel/envtype; uname -r
/etc/redhat-release:CentOS release 6.10 (Final)
/usr/local/cpanel/version:11.78.0.44
/var/cpanel/envtype:kvm
4.14.121-197.ELK.el6.x86_64
[[email protected] ~]#
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,297
1,259
313
Houston
I'd assume this is related to some configuration or missed step you have present on the server, I have no issues adding password protection.


Every folder in /home/$user/.htpassword corresponds to the folder password protection is set on. I see that you're testing password protection on TESTEHG but I do not see an .htaccess file for that being modified or even present in your search.

For example, I enable directory privacy for my addon domain test.com which is present in /home/$user/public_html/test.com/

an .htaccess file is created and the following is added to it:

Code:
AuthType Basic
AuthName "testingprivacy"
AuthUserFile "/home/$user/.htpasswds/public_html/test.com/passwd"
require valid-user
Code:
[[email protected] test.com]# stat .htaccess
  File: ‘.htaccess’
  Size: 127           Blocks: 8          IO Block: 4096   regular file
Device: fd01h/64769d    Inode: 147906      Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1000/  user)   Gid: ( 1002/  group)
Access: 2019-12-04 17:26:21.144861695 -0600
Modify: 2019-12-04 17:26:19.375860993 -0600
Change: 2019-12-04 17:26:19.375860993 -0600
 Birth: -