Apache .htaccess error: 'not allowed here' on Debian Wheezy

apache-2.2 .htaccess .htpasswd
43,206

Solution 1

The Apache Directory directive on /var/www/ninja/www/ only allows modification of the behaviour of FileInfo Indexes by way of the .htaccess file. Refer to the Apache documentation on AllowOverride.

Please modify the AllowOverride to also allow the local configuration of AuthConfig resulting in:

<Directory /var/www/ninja/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride FileInfo Indexes Authconfig
</Directory>

Solution 2

Your configuration should add AuthConfig Limit at

AllowOverride FileInfo Indexes

Becomes

AllowOverride FileInfo Indexes AuthConfig Limit

Share:
43,206

Related videos on Youtube

BonifatiusK
Author by

BonifatiusK

Updated on September 18, 2022

Comments

  • BonifatiusK
    BonifatiusK over 1 year

    I am trying to configure an apache virtualhost which needs to be password protected in the root directory.

    So I created a .htpasswd file (with sha passwords) and configured the .htaccess file. Howevery whatever I do, on the webpage I get an error 500 (internal server error) and in the error.log I see this:

    /var/www/ninja/www/.htaccess: deny not allowed here

    or if I leave the deny out of the .htaccess:

    AuthUserFile not allowed here

    Both .htpasswd and .htaccess file are readable for apache and are set to the www-data user and group. I also tried adding these rules to the virtualhost config file but that didn't do the trick either.

    Can you please help me out?

    Thanks!

    config file apache:

    <VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName ninja

    DocumentRoot /var/www/ninja/www
    ServerAlias ninja

    <Directory /var/www/ninja/www/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride FileInfo Indexes
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit,
    # alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

    htaccess file: (placed in /var/www/ninja/www/)

    Deny from all
#Allow from (You may set IP here / to access without password)
AuthUserFile /var/www/ninja/.htpasswd   
AuthName authorization
AuthType Basic
require valid-user

    Here is an ls of the mods-enabled directory

    alias.conf -> ../mods-available/alias.conf
alias.load -> ../mods-available/alias.load
auth_basic.load -> ../mods-available/auth_basic.load
authn_file.load -> ../mods-available/authn_file.load
authz_default.load -> ../mods-available/authz_default.load
authz_groupfile.load -> ../mods-available/authz_groupfile.load
authz_host.load -> ../mods-available/authz_host.load
authz_user.load -> ../mods-available/authz_user.load
autoindex.conf -> ../mods-available/autoindex.conf
autoindex.load -> ../mods-available/autoindex.load
cgi.load -> ../mods-available/cgi.load
deflate.conf -> ../mods-available/deflate.conf
deflate.load -> ../mods-available/deflate.load
dir.conf -> ../mods-available/dir.conf
dir.load -> ../mods-available/dir.load
env.load -> ../mods-available/env.load
mime.conf -> ../mods-available/mime.conf
mime.load -> ../mods-available/mime.load
negotiation.conf -> ../mods-available/negotiation.conf
negotiation.load -> ../mods-available/negotiation.load
php5.conf -> ../mods-available/php5.conf
php5.load -> ../mods-available/php5.load
reqtimeout.conf -> ../mods-available/reqtimeout.conf
reqtimeout.load -> ../mods-available/reqtimeout.load
setenvif.conf -> ../mods-available/setenvif.conf
setenvif.load -> ../mods-available/setenvif.load
status.conf -> ../mods-available/status.conf
status.load -> ../mods-available/status.load
  • BonifatiusK
    BonifatiusK over 10 years
    thanks, the error 500 is gone, 'I do get You don't have permission to access / on this server.' I take it that would be the htaccess generating that?
  • Artem P
    Artem P over 8 years
    Only Limit needed.
  • Hokascha
    Hokascha almost 7 years
    Also keep in mind to add the AuthConfig configuration to both SSL and non-SSL apache config files in case you have them seperated.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Password protect directory with Apache: "couldn't check user. Check your authn provider!"
htaccess gives 500 - Internal Server Error
How to access htpasswd-protected page automatically
Redirect IP to domain using SSL
Apache: deny acces to directory but allow 1 file
Apache Sending "Content-Length : 0" , How to Fix?
prevent the browser from downloading doc docx and pdf
How to allow only specific directories to use htaccess?
Rewrite IP address of a host to another IP address with .htaccess
Removing php extension with .htaccess does not work