I have three dirs in /var/www/html, one of them has .htacces with following:
Order Allow, Deny Allow from all AuthUserFile /var/www/.htpasswd AuthGroupFile /dev/null AuthName 'lalalal' AuthType Basic Require user lala
When sending request to that dir, server returns 403 instead of 401.
When requesting other dirs, server returns 200.
What is also interesting is that when checking server-info page, there is not a single line refering to protected dir, nor its siblings.
Error log shows:
‘Permission denied: /var/www/html/drugi/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable’
.htaccess file has 644 permissions.
Order Allow, Deny Allow from all
These are not required if you’re using HTTP authentication and you can get rid of them. (And Order breaks if there is whitespace after the comma.)
BTW, it’s a good idea to keep your htpasswd file outside the web documents directory.
Since you’ve updated your question with additional information, I would say that you should also check the permissions in the directory with
ls -alZ to check both the Unix permissions and the SELinux contexts.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.