My website uses Apache and cPanel and I recently set up a password protected folder. Here are some possible tips.
WedNESday wrote: ↑Sun Sep 17, 2023 10:26 amI don't even know if it's Apache that my server is running.
I think your server is using Apache.
Your cPanel page probably looks something like this image:
The cPanel Interface (from the page The cPanel Interface).
To confirm what version of Apache your server is using, log into cPanel, look in the right margin General Information section, then click the link at the bottom that says "Server Information".
WedNESday wrote: ↑Sun Sep 17, 2023 10:26 amThere are absolutely 0 logs to be found anywhere.
To access error messages or web logs, log into cPanel, look in the main tools area for the Metrics section, then click on the following icons:
"Errors" will show recent server error logs.
"Visitors" will show you a sortable table of the web log.
"Raw Access" will let you download zipped plain text web logs.
(Another way to get to these pages is by going to the search box at the top of the cPanel page and typing in
Errors,
Visitors or
Raw Access.)
WedNESday wrote: ↑Sun Sep 17, 2023 10:26 amCould it maybe have something to do with 'AllowOverride'? I did read in a few places that it might be playing some kind of role here.
As you have probably learned, AllowOverride is used to enable or disable what directives will work in .htaccess files. Since the browser is prompting for a username and password, that suggests to me that the server is obeying the relevant directives in the .htaccess file in the folder you want to password protect. This makes me think AllowOverride is not causing your problem. (Or at least not AllowOverride AuthConfig.)
WedNESday wrote: ↑Sun Sep 17, 2023 11:36 amI've just tried using the following code:
Code: Select all
<Directory "/dir1/dir2">
AllowOverride AuthConfig
</Directory>
...inside the .htaccess files
Be aware that Apache uses both
main config files and folder-based
.htaccess files. If you are on a shared server (in other words, if your hosting provider uses one IP address for multiple websites), then the main config files are only accessible and editable by your hosting provider. But you can create and edit .htaccess files in your own folders to control some of the web server settings related to your own website.
As I understand it, the AllowOverride and <Directory> directives only work in the main config files, not in .htaccess files.
In the Apache HTTP Server documentation, take a look at the
.htaccess Files Tutorial and explore other topics from the links on that page as desired.
(Note that the documentation encourages using main config files instead of .htaccess files when possible. But if you are on a shared server, being able to use .htaccess files is a good thing because it lets individual website authors customize server settings for their own websites because they do not have access to the main config files.)
WedNESday wrote: ↑Sun Sep 17, 2023 11:36 amI just checked Edge's log (F12) to see something about a 401 error.
Drag wrote: ↑Sun Sep 17, 2023 1:36 pmA 401 error in Edge means the server responded "you're not authorized to access the resource you were trying to access" i.e., the wrong password was given.
As Drag said, the server sending a 401 error to the browser just means the server thinks the username and password is missing or incorrect. In fact, the first time the server sends the 401 error is how the browser discovers it should prompt you for a username and password. However, after you enter a username and password for the browser to send, if the server still thinks the username and password is missing or incorrect it will keep sending the 401 error to the browser.
