.htaccess AuthType not working, keeps prompting for password

Moses Moore

Member
Jun 19, 2015
22
0
1
Montreal
cPanel Access Level
Root Administrator
I'm at a total loss. I've rsync'd all the files to another machine that isn't running cPanel and it works, but when I'm on cPanel it doesn't.

What I've done:

mkdir -p ~/public_html/box
chmod a+rx ~/public_html/box
cat >~/public_html/box/.htaccess <<<"
Order allow,deny
Satisfy any
Allow from 127.0.0.1
Require valid-user
AuthType Basic
AuthName bochs
AuthUserFile /home/moses/public_html/box/.htpasswd
"
chmod a+r ~/public_html/box/.htaccess
/usr/local/apache/bin/htpasswd -bc /home/moses/public_html/box/.htpasswd locke key
chmod a+r /home/moses/public_html/box/.htpasswd

What I expect:
When visiting http://.../box/ , I am prompted by my browser for a password. After entering the correct username/password, I am shown the files in the folder.

What I see instead:
When visiting http://.../box/, I am prompted by my browser for a password. After entering the correct username/password, I am prompted for the password again. No password is considered valid. There is no message in the error.log file.

What I've already tried:
  • Changing the .htaccess and .htpasswd file from using \n (Unix) to \r\n (Windows)
  • Moving the AuthUserFile out of the same directory as .htaccess
  • Renaming the AuthUserFile to something that doesn't start with '.ht'
  • Using explicit MD5 (-m) and crypt (-d) and plain (-p) in the '.htpasswd' file.
  • Looking for an .htaccess file in parent directories (there are none).

It's driving me nuts. I know I'm doing everything correctly because when I rsync the 'box/' folder to another machine that isn't running cPanel, it all works as expected. Is there something about cPanel that I'm overlooking? Is there something I should look for in the /usr/local/apache/* files?
 

Moses Moore

Member
Jun 19, 2015
22
0
1
Montreal
cPanel Access Level
Root Administrator
Something I didn't try was to use the cPanel interface itself to password-protect the directory.

...:2083/cpsess0000000000/frontend/x3/htaccess/dohtaccess.html?dir=%2fhome%2f

Turned on the checkbox. Created a new user with a password that has more than five bytes. Here's the resulting .htaccess file:

AuthType Basic
AuthName "argle:bargle"
AuthUserFile "/home/moses/.htpasswds/public_html/box/passwd"
require valid-user

... and I'm still getting re-prompted for the password over and over again. So now I've done it the "right" way, using cPanel's own interface, and it still isn't working. This is infuriating.
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Hello :)

Do you notice any error messages in /usr/local/apache/logs/error_log when this happens?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Could you confirm you reviewed /usr/local/apache/logs/error_log and not the "error_log" file in the account's public_html directory?

Thank you.
 

Moses Moore

Member
Jun 19, 2015
22
0
1
Montreal
cPanel Access Level
Root Administrator
Could you confirm you reviewed /usr/local/apache/logs/error_log and not the "error_log" file in the account's public_html directory?

Thank you.
# tail /usr/local/apache/logs/error_log
[Wed Sep 09 16:41:39 2015] [error] [client 198.100.144.83] File does not exist: /usr/local/apache/htdocs/robots.txt
[Wed Sep 09 17:04:15 2015] [notice] Graceful restart requested, doing restart

Is this what you are thinking of? This is what I meant.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,254
463
To update, this issue was resolved after the user determined Squid was intercepting traffic on eth0 port 80, that would take the 'Authentication:' http header, then pass it to localhost:80. It worked with "https" because Squid was not intercepting port 443.

Thank you.