.htaccess AuthType not working, keeps prompting for password

Discussion in 'Security' started by Moses Moore, Sep 8, 2015.

  1. Moses Moore

    Moses Moore Member

    I'm at a total loss. I've rsync'd all the files to another machine that isn't running cPanel and it works, but when I'm on cPanel it doesn't.

    What I've done:

    mkdir -p ~/public_html/box
    chmod a+rx ~/public_html/box
    cat >~/public_html/box/.htaccess <<<"
    Order allow,deny
    Satisfy any
    Allow from 127.0.0.1
    Require valid-user
    AuthType Basic
    AuthName bochs
    AuthUserFile /home/moses/public_html/box/.htpasswd
    "
    chmod a+r ~/public_html/box/.htaccess
    /usr/local/apache/bin/htpasswd -bc /home/moses/public_html/box/.htpasswd locke key
    chmod a+r /home/moses/public_html/box/.htpasswd

    What I expect:
    When visiting http://.../box/ , I am prompted by my browser for a password. After entering the correct username/password, I am shown the files in the folder.

    What I see instead:
    When visiting http://.../box/, I am prompted by my browser for a password. After entering the correct username/password, I am prompted for the password again. No password is considered valid. There is no message in the error.log file.

    What I've already tried:
    • Changing the .htaccess and .htpasswd file from using \n (Unix) to \r\n (Windows)
    • Moving the AuthUserFile out of the same directory as .htaccess
    • Renaming the AuthUserFile to something that doesn't start with '.ht'
    • Using explicit MD5 (-m) and crypt (-d) and plain (-p) in the '.htpasswd' file.
    • Looking for an .htaccess file in parent directories (there are none).

    It's driving me nuts. I know I'm doing everything correctly because when I rsync the 'box/' folder to another machine that isn't running cPanel, it all works as expected. Is there something about cPanel that I'm overlooking? Is there something I should look for in the /usr/local/apache/* files?
     
  2. Moses Moore

    Moses Moore Member

    Something I didn't try was to use the cPanel interface itself to password-protect the directory.

    ...:2083/cpsess0000000000/frontend/x3/htaccess/dohtaccess.html?dir=%2fhome%2f

    Turned on the checkbox. Created a new user with a password that has more than five bytes. Here's the resulting .htaccess file:

    AuthType Basic
    AuthName "argle:bargle"
    AuthUserFile "/home/moses/.htpasswds/public_html/box/passwd"
    require valid-user

    ... and I'm still getting re-prompted for the password over and over again. So now I've done it the "right" way, using cPanel's own interface, and it still isn't working. This is infuriating.
     
    #2 Moses Moore, Sep 8, 2015
    Last edited by a moderator: Sep 8, 2015
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello :)

    Do you notice any error messages in /usr/local/apache/logs/error_log when this happens?

    Thank you.
     
  4. Moses Moore

    Moses Moore Member

    Sorry, when I said "there is no message in the error.log file" I meant to say "there is no message in the error_log file." I did not mean to mislead you.
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Could you confirm you reviewed /usr/local/apache/logs/error_log and not the "error_log" file in the account's public_html directory?

    Thank you.
     
  6. Moses Moore

    Moses Moore Member

    # tail /usr/local/apache/logs/error_log
    [Wed Sep 09 16:41:39 2015] [error] [client 198.100.144.83] File does not exist: /usr/local/apache/htdocs/robots.txt
    [Wed Sep 09 17:04:15 2015] [notice] Graceful restart requested, doing restart

    Is this what you are thinking of? This is what I meant.
     
  7. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  8. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    To update, this issue was resolved after the user determined Squid was intercepting traffic on eth0 port 80, which would take the 'Authentication:' HTTP header, then pass it to localhost:80. It worked with "https" because Squid was not intercepting port 443.

    Thank you.
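
The failure mode from the resolution above, reproduced on loopback as an added example (not code from the thread or from cPanel): a backend that requires Basic auth answers 200 when reached directly and 401 on every attempt when an intermediate hop forwards the request without the client's `Authorization` header. Assumptions: the `Backend` and `Hop` classes, the `get` helper, the `Via` value and the loopback ports are constructed stand-ins for Apache and the intercepting proxy, and the hop is assumed to drop the header entirely; the credentials and realm are the ones from the first post.

```python
import base64, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

AUTH = "Basic " + base64.b64encode(b"locke:key").decode()  # user/password from the thread

class Base(BaseHTTPRequestHandler):
    def reply(self, status, via=None):
        self.send_response(status)
        if status == 401:  # the challenge that makes the browser prompt again
            self.send_header("WWW-Authenticate", 'Basic realm="bochs"')
        if via:
            self.send_header("Via", via)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):  # keep the demo quiet
        pass

class Backend(Base):
    """Constructed stand-in for Apache enforcing 'Require valid-user'."""
    def do_GET(self):
        self.reply(200 if self.headers.get("Authorization") == AUTH else 401)

class Hop(Base):
    """Constructed stand-in for an interceptor that drops Authorization."""
    backend_port = None
    def do_GET(self):
        status, _ = get(self.backend_port, None)  # client's header is not forwarded
        self.reply(status, via="1.1 hop.example (constructed)")

def get(port, auth):
    """GET /box/ on a loopback port; return (status, Via header or None)."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/box/", headers={"Authorization": auth} if auth else {})
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Via"))
    conn.close()
    return result

def run_demo():
    backend = HTTPServer(("127.0.0.1", 0), Backend)
    Hop.backend_port = backend.server_port
    hop = HTTPServer(("127.0.0.1", 0), Hop)
    for srv in (backend, hop):
        threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return {"direct": get(backend.server_port, AUTH), "via_hop": get(hop.server_port, AUTH)}
    finally:
        for srv in (backend, hop):
            srv.shutdown()
            srv.server_close()
```

Against a real host, the equivalent comparison is the same credentialed request sent to port 80 and to port 443. A status that differs between the two, or a `Via` or `X-Cache` response header present on only one of them, points to an intermediary in the path rather than to the `.htaccess` file.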
     