CentOS Apache: basic auth returning 403 instead of 401

cbaby asked:

I have three dirs in /var/www/html, one of them has .htacces with following:

Order Allow, Deny
Allow from all
AuthUserFile /var/www/.htpasswd
AuthGroupFile /dev/null
AuthName 'lalalal'
AuthType Basic

Require user lala

When sending request to that dir, server returns 403 instead of 401.
When requesting other dirs, server returns 200.
What is also interesting is that when checking server-info page, there is not a single line refering to protected dir, nor its siblings.


Error log shows:
‘Permission denied: /var/www/html/drugi/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable’
.htaccess file has 644 permissions.

My answer:

Order Allow, Deny
Allow from all

These are not required if you’re using HTTP authentication and you can get rid of them. (And Order breaks if there is whitespace after the comma.)

BTW, it’s a good idea to keep your htpasswd file outside the web documents directory.

Since you’ve updated your question with additional information, I would say that you should also check the permissions in the directory with ls -alZ to check both the Unix permissions and the SELinux contexts.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.