The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

.htaccess authentication problem, it is not asking for password due to a RewriteRule

Discussion in 'General Discussion' started by guillof, Dec 29, 2015.

  1. guillof

    guillof Member

    Joined:
    Jul 30, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    In a site I have enabled .htaccess authentication. It worked fine in Plesk, and it is working fine in a debian server test site (it has no control panel).
    But in cPanel this directive of .htaccess

    RewriteRule .* index.php [L]

    For some reason disable the authentication, at least for the root folder and some subfolders. Any idea what could be the cause of this?
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Could you let us know which entries are added to the .htaccess file for password authentication? Are these entries added before or after the Mod_Rewrite rules? Did you use the "Password Protect Directories" option in cPanel to require authentication? It's documented at:

    Password Protect Directories - Documentation - cPanel Documentation

    Thank you.
     
  3. guillof

    guillof Member

    Joined:
    Jul 30, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Sure:

    AuthName "Password Protected Area"
    AuthType Basic
    AuthUserFile /home/[USER]/public_html/.htpasswd
    require valid-user

    at the beginning of the .htaccess (also tried at the end, same result)

    Yes, I tried with the Password Protect Directories function, but same result.
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please post the full htaccess, it seems to me you're doing something wrong there.
     
  5. guillof

    guillof Member

    Joined:
    Jul 30, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Here it is:

    Code:
    AuthName "Password Protected Area"
    AuthType Basic
    AuthUserFile  /home/[USER]/public_html/.htpasswd
    require valid-user
    
    
    ############################################
    ## default index file
    
      DirectoryIndex index.php
    
    <IfModule mod_php5.c>
    
    ############################################
    ## adjust memory limit
    
      php_value memory_limit 256M
      php_value max_execution_time 18000
    
    ############################################
    ## disable magic quotes for php request vars
    
      php_flag magic_quotes_gpc off
    
    ############################################
    ## disable automatic session start
    ## before autoload was initialized
    
      php_flag session.auto_start off
    
    
    ###########################################
    # disable user agent verification to not break multiple image upload
    
      php_flag suhosin.session.cryptua off
    
    ###########################################
    # turn off compatibility with PHP4 when dealing with objects
    
      php_flag zend.ze1_compatibility_mode Off
    
    </IfModule>
    
    <IfModule mod_security.c>
    ###########################################
    # disable POST processing to not break multiple image upload
    
      SecFilterEngine Off
      SecFilterScanPOST Off
    </IfModule>
    
    <IfModule mod_deflate.c>
    
    
    </IfModule>
    
    <IfModule mod_ssl.c>
    
    ############################################
    ## make HTTPS env vars available for CGI mode
    
      SSLOptions StdEnvVars
    
    </IfModule>
    
    <IfModule mod_rewrite.c>
    
    ############################################
    ## enable rewrites
    
      Options +FollowSymLinks
      RewriteEngine on
    
    ############################################
    ## rewrite API2 calls to api.php (by now it is REST only)
    
      RewriteRule ^api/rest api.php?type=rest [QSA,L]
    
    ############################################
    ## workaround for HTTP authorization
    ## in CGI environment
    
      RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
    ############################################
    ## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
    
      RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
      RewriteRule .* - [L,R=405]
    
    ############################################
    
    
    ## redirect for mobile user agents
    
      #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
      #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
      #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
    
    ############################################
    ## always send 404 on missing files in these folders
    
      RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
    
    ############################################
    ## never rewrite for existing files, directories and links
    
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteCond %{REQUEST_FILENAME} !-l
    
    ############################################
    ## rewrite everything else to index.php
    
      RewriteRule .* index.php [L]  # Line that is causing issues
    
    </IfModule>
    
    
    ############################################
    ## Prevent character encoding issues from server overrides
    ## If you still have problems, use the second line instead
    
      AddDefaultCharset Off
      #AddDefaultCharset UTF-8
    
    <IfModule mod_expires.c>
    
    ############################################
    ## Add default Expires header
    
      ExpiresDefault "access plus 1 year"
    
    </IfModule>
    
    ############################################
    ## By default allow all access
    
      Order allow,deny
      Allow from all
    
    ###########################################
    ## Deny access to release notes to prevent disclosure of the installed Magento version
    
      <Files RELEASE_NOTES.txt>
      order allow,deny
      deny from all
      </Files>
    
    ############################################
    
    
     
    #5 guillof, Jan 5, 2016
    Last edited by a moderator: Jan 5, 2016
  6. guillof

    guillof Member

    Joined:
    Jul 30, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Any ideas?
     
  7. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,481
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    This appears to be a magento htaccess. Have you made any changes to this file on your server manually other than the password protection you have at top (assuming you did)? If no, you could try and replace this with the default htaccess for magento you started with, and then password protect the directory from within cPanel's tool for that.

    If that's doesn't resolve it, you might need to speak with magento support about this.

    When you mention "some sub folders" do they have their own password protection or htaccess in them?
     
  8. guillof

    guillof Member

    Joined:
    Jul 30, 2014
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    When you mention "some sub folders" do they have their own password protection or htaccess in them?

    No.

    I think this could be a related problem. Access to: example.fi/. An authentication window will appear, press cancel, and it is possible to access the content .

    I created the authentication for this site using cPanel. The .htaccess (a standard Magento ,htaccess, minus the comments):

    Code:
      DirectoryIndex index.php
    
    <IfModule mod_php5.c>
      php_value memory_limit 10048M
      php_value max_execution_time 18000
      php_flag magic_quotes_gpc off
      php_flag session.auto_start off
      php_flag suhosin.session.cryptua off
      php_flag zend.ze1_compatibility_mode Off
    </IfModule>
    
    <IfModule mod_security.c>
      SecFilterEngine Off
      SecFilterScanPOST Off
    </IfModule>
    
    <IfModule mod_ssl.c>
      SSLOptions StdEnvVars
    </IfModule>
    
    <IfModule mod_rewrite.c>
      Options +FollowSymLinks
      RewriteEngine on
      RewriteRule ^api/rest api.php?type=rest [QSA,L]
      RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
      RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
      RewriteRule .* - [L,R=405]
      RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
    
      RewriteCond %{REQUEST_FILENAME} !-f
      RewriteCond %{REQUEST_FILENAME} !-d
      RewriteCond %{REQUEST_FILENAME} !-l
      RewriteRule .* index.php [L]
    </IfModule>
    
      AddDefaultCharset Off
    
    <IfModule mod_expires.c>
      ExpiresDefault "access plus 1 year"
    </IfModule>
    
      Order allow,deny
      Allow from all
    
      <Files RELEASE_NOTES.txt>
      order allow,deny
      deny from all
      </Files>
    
    RewriteEngine on
    RedirectMatch 404 /\.git
    
    AuthType Basic
    AuthName "Password Protected Area"
    AuthUserFile "/home/USER/.htpasswds/subdomains/qa/passwd"
    require valid-user
    
    
    For the record, this doesn't seems like a Magento issue. In the authentication works fine with the same files/dv in a different server.
     
    #8 guillof, Feb 15, 2016
    Last edited by a moderator: Feb 16, 2016
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I suggest temporarily saving and then removing all entries from this .htaccess file, then setting up the "Password Protect" option again in cPanel to see if the issue continues without the custom Mod_Rewrite rules.

    Thank you.
     
Loading...

Share This Page