Apache Friends Support Forum

Hello, I have simple question.
When I use http://localhost/security/index.php -
XAMPP DIRECTORY PROTECTION (.htaccess)
and input user and password, why I can still open xampp directory without authentification window to invite me for the user and password.
I'm using 1.8.3.
Thanks.

Because the Xampp Directory is the Xampp Directory and Security Directory is the Security Directory (they are siblings) and a .htaccess protects only THAT Directory, where it is stored.

Yes I know, but I have still access to Security Directory regardless if I entered the username and password. Why? Is it bug?

I have the same above issue. I can go to xampp directory and security directory without authentication. No popup dialog to input username and password.
I'm using 1.8.3-3 in Windows 8.1

Maybe the PHP Script (which installs .htaccess etc.) fails in writing back the files.

Simply proceed to the securitiy folder, watch out for .htaccess, open it with any editor and see what is written inside. If there is no .htaccess or it is empty, you already have a clue that the security does not word properly. Of there is a .htaccess, but it does not contain the proper authorization code. Find it out!

There may also be a .htaccess in your document root (c:/xampp/htdocs). I never worked with this security script, therefore i dont know if it is working correctly.

You can provide the necessary configuration in .htaccess by yourself, if you dont know what to put there, read some tutorials about "Basic Authorization" in Apache, it is not so difficult to understand.

Hello,

I have .htaccess files in 2 folders: "htdocs/xampp/.htaccess" and "security/htdocs/.htaccess".
Content of 2 files are same:
AuthName "xampp user"
AuthType Basic
AuthUserFile "E:\xampp\security\xampp.users"
require valid-user

"E:\xampp\security\xampp.users" existing.

May be my apache config wrong?
Here is my apache config: http://pastebin.com/6p8uCbHd

Thank you,

What is the contents of E:\xampp\security\xampp.users?

P.S.: I just have a completely different idea: could you explain more precisely what you mean by "I have the same above issue. I can go to xampp directory and security directory without authentication.". What exactly is meant by "i can go to xampp and security directory?"? What exactly are you doing there?

exirata wrote:Yes I know, but I have still access to Security Directory regardless if I entered the username and password. Why? Is it bug?

In your first post, you wrote that you are asked for a user and a password, when you use http://localhost/security/index.php. This is a contradiction to the above statement!?

Hi Nobbie,

The content of xampp.users:
comnuoc:$apr1$bxVZAN13$RIk31YxrtDIdEAnY9YABW1

It's meant i can go to http://localhost/security/index.php and http://localhost/xampp/ without authentication. No popup dialog appears to input username and password.

Thank you,

Hi,

I have a similar issue. I setup a username/password for xampp (.htaccess) but for some reason I don't get the login popup when I access localhost/xampp

thanks.