.htaccess doesn't work

[pizzaman]

lsws 2.2, set to use httpd.conf directly. Everything else works nicely, except .htaccess from all virtual host. lsws error_log shows that .htaccess were detected, but it just refused to work. Something as simple as basic authentication such as:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/user123/www/admin/.htpasswds"
require valid-user

doesn't work and only results in 401 on the browser.

Now I'm reverting back to apache just to wait til this is resolved. Hope someone can point me to the right direction.

Thanks.

 

[mistwang]

That's because the AuthUserFile is double quoted.
The fix will be in 2.2.1

 

[pizzaman]

Oh, well well. I guess almost all customers use that kind of double quote in their .htaccess so I guess I better be waiting ...

Thank you mistwang.

 

[pizzaman]

That's because the AuthUserFile is double quoted.
The fix will be in 2.2.1

With 2.2.1 released, I don't know if this has been fixed or not. Can't see it in the Changelog.

Thanks.

 

[mistwang]

Yes, the fix is in 2.2.1 release, forgot to add that in the change log as it has been for a while.

 

[pizzaman]

Yes, the fix is in 2.2.1 release, forgot to add that in the change log as it has been for a while.

Great, I'll let you know in a few days if this is the last obstables for running
lsws instead of apache in our production systems.

 

[pizzaman]

Well, not quite there yet.

Switching to lsws still shows 401 without asking for authorization.

This is on latest 2.2.1 and the .htaccess file in question look simply like this:

AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/username/.htpasswds/admin/passwd"
require valid-user

Changing AuthUserFile location to be inside user's public_html doesn't help.
Apache works ok with this .htaccess and there are many .htaccess files
that look similar to this in the servers.

Thanks.

 

[mistwang]

Can you please post the whole .htaccess file if there are more configuration directives.

 

[pizzaman]

Can you please post the whole .htaccess file if there are more configuration directives.

No, that's the whole thing. Apache works ok with that file.
Lsws just reports 401 and the log says:

x.x.x.x - - [12/Sep/2006:21:20:33 +0700] "GET /path-to/admin/index.php HTTP/1.1" 401 396 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.6) Gecko/20060728 Firefox/1.5.0.6"

 

[mistwang]

OK, thanks!
I will investigate.

 

[mistwang]

OK, the bug has been identified and fixed.
The reason is the customized error page for 401, the authentication header is lost when LSWS perform a internal redirection. I will PM you when a package available for you to try.

Thanks for your bug report.