The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

.htaccess AuthType not working, keeps prompting for password

Discussion in 'Security' started by Moses Moore, Sep 8, 2015.

  1. Moses Moore

    Moses Moore Member

    Joined:
    Jun 19, 2015
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Montreal
    cPanel Access Level:
    Root Administrator
    I'm at a total loss. I've rsync'd all the files to another machine that isn't running cPanel and it works, but when I'm on cPanel it doesn't.

    What I've done:

    mkdir -p ~/public_html/box
    chmod a+rx ~/public_html/box
    cat >~/public_html/box/.htaccess <<<"
    Order allow,deny
    Satisfy any
    Allow from 127.0.0.1
    Require valid-user
    AuthType Basic
    AuthName bochs
    AuthUserFile /home/moses/public_html/box/.htpasswd
    "
    chmod a+r ~/public_html/box/.htaccess
    /usr/local/apache/bin/htpasswd -bc /home/moses/public_html/box/.htpasswd locke key
    chmod a+r /home/moses/public_html/box/.htpasswd

    What I expect:
    When visiting http://.../box/ , I am prompted by my browser for a password. After entering the correct username/password, I am shown the files in the folder.

    What I see instead:
    When visiting http://.../box/, I am prompted by my browser for a password. After entering the correct username/password, I am prompted for the password again. No password is considered valid. There is no message in the error.log file.

    What I've already tried:
    • Changing the .htaccess and .htpasswd file from using \n (Unix) to \r\n (Windows)
    • Moving the AuthUserFile out of the same directory as .htaccess
    • Renaming the AuthUserFile to something that doesn't start with '.ht'
    • Using explicit MD5 (-m) and crypt (-d) and plain (-p) in the '.htpasswd' file.
    • Looking for an .htaccess file in parent directories (there are none).

    It's driving me nuts. I know I'm doing everything correctly because when I rsync the 'box/' folder to another machine that isn't running cPanel, it all works as expected. Is there something about cPanel that I'm overlooking? Is there something I should look for in the /usr/local/apache/* files?
     
  2. Moses Moore

    Moses Moore Member

    Joined:
    Jun 19, 2015
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Montreal
    cPanel Access Level:
    Root Administrator
    Something I didn't try was to use the cPanel interface itself to password-protect the directory.

    ...:2083/cpsess0000000000/frontend/x3/htaccess/dohtaccess.html?dir=%2fhome%2f

    Turned on the checkbox. Created a new user with a password that has more than five bytes. Here's the resulting .htaccess file:

    AuthType Basic
    AuthName "argle:bargle"
    AuthUserFile "/home/moses/.htpasswds/public_html/box/passwd"
    require valid-user

    ... and I'm still getting re-prompted for the password over and over again. So now I've done it the "right" way, using cPanel's own interface, and it still isn't working. This is infuriating.
     
    #2 Moses Moore, Sep 8, 2015
    Last edited by a moderator: Sep 8, 2015
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  4. Moses Moore

    Moses Moore Member

    Joined:
    Jun 19, 2015
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Montreal
    cPanel Access Level:
    Root Administrator
    Sorry, when I said "there is no message in the error.log file" I mean to say "there is no message in the error_log file." I did not mean to mislead you.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Could you confirm you reviewed /usr/local/apache/logs/error_log and not the "error_log" file in the account's public_html directory?

    Thank you.
     
  6. Moses Moore

    Moses Moore Member

    Joined:
    Jun 19, 2015
    Messages:
    19
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Montreal
    cPanel Access Level:
    Root Administrator
    # tail /usr/local/apache/logs/error_log
    [Wed Sep 09 16:41:39 2015] [error] [client 198.100.144.83] File does not exist: /usr/local/apache/htdocs/robots.txt
    [Wed Sep 09 17:04:15 2015] [notice] Graceful restart requested, doing restart

    Is this what you are thinking of? This is what I meant.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  8. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    To update, this issue was resolved after the user determined Squid was intercepting traffic on eth0 port 80, that would take the 'Authentication:' http header, then pass it to localhost:80. It worked with "https" because Squid was not intercepting port 443.

    Thank you.
     
Loading...

Share This Page