Password protection using htaccess & LiteSpeed?

Discussion in 'Apache Migration/Compatibility' started by Richard, Apr 25, 2009.

  1. Richard

    Richard New Member

    Hi,

    We have the following setup in a clients htaccess file:

    AuthName "Restricted Area"
    AuthType Basic
    AuthUserFile "/home/user/htpasswds/.htpasswd"
    require valid-user

    With LiteSpeed enabled it doesn't even bring up the authentication box and then breaks the site and doesn't bring up the css or javascript. However when we switch to Apache it works fine. Alternatively if we rename index.php to index.php.bak with LiteSpeed, the password protection works fine.

    Any ideas?
  2. mistwang

    mistwang LiteSpeed Staff

    Can you show us the whole .htaccess file? Maybe something else affect this.
    Any thing special for index.php?

    Also, you can enable debug logging.
  3. Richard

    Richard New Member

    Here's the rest of the htaccess file.

    Code:
    ## default index file
    
        DirectoryIndex index.php
    
    <IfModule mod_php5.c>
    
    ############################################
    ## adjust memory limit
    
    #    php_value memory_limit 64M
        php_value memory_limit 128M
        php_value max_execution_time 18000
    
    ############################################
    ## disable magic quotes for php request vars
    
        php_flag magic_quotes_gpc off
    
    ############################################
    ## disable automatic session start
    ## before autoload was initialized
    
        php_flag session.auto_start off
    
    ############################################
    ## enable resulting html compression
    
        #php_flag zlib.output_compression on
    
    ###########################################
    # disable user agent verification to not break multiple image upload
    
        php_flag suhosin.session.cryptua off
    
    ###########################################
    # turn off compatibility with PHP4 when dealing with objects
    
        php_flag zend.ze1_compatibility_mode Off
    
    </IfModule>
    
    <IfModule mod_security.c>
    ###########################################
    # disable POST processing to not break multiple image upload
    
        SecFilterEngine Off
        SecFilterScanPOST Off
    </IfModule>
    
    <IfModule mod_deflate.c>
    
    ############################################
    </IfModule>
    
    <IfModule mod_ssl.c>
    
    ############################################
    ## make HTTPS env vars available for CGI mode
    
        SSLOptions StdEnvVars
    
    </IfModule>
    
    <IfModule mod_rewrite.c>
    
    ## enable rewrites
    
        Options +FollowSymLinks
        RewriteEngine on
    
    ############################################
    ## you can put here your magento root folder
    ## path relative to web root
    
        #RewriteBase /magento/
    
    ############################################
    ## workaround for HTTP authorization
    ## in CGI environment
    
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
    ############################################
    ## always send 404 on missing files in these folders
    
        RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
    
    ############################################
    ## never rewrite for existing files, directories and links
    
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-l
    
    ############################################
    ## rewrite everything else to index.php
    
        RewriteRule .* index.php [L]
    
    #</IfModule>
    
    
    ############################################
    ## Prevent character encoding issues from server overrides
    ## If you still have problems, use the second line instead
    
        AddDefaultCharset Off
        #AddDefaultCharset UTF-8
    
    <IfModule mod_expires.c>
    
    ############################################
    ## Add default Expires header
    ## http://developer.yahoo.com/performance/rules.html#expires
    
        ExpiresDefault "access plus 1 year"
    
    </IfModule>
    
    ############################################
    ## By default allow all access
    
        Order allow,deny
       Allow from all
  4. auser

    auser Super Moderator

    I append
    to above .htaccess, tested on latest 4.0.2, looks no problem.

    when /index.php exists, every non-exist page for example
    http://domain.com/123/4.html will display
    /index.php content but url remain as
    http://domain.com/123/4.html

    by clear browser cache, the authentication box always pop up.

    Suggestions:
    1.is it the latest 4.0.2?
    2.if no authentication box pop up, how about clearing the browser cache?
    (especially "Authenticated Sessions" in firefox)
    3.how about change
    RewriteRule .* index.php [L]
    to
    RewriteRule .* http://domain.com/index.php [R=301,L]

    hope a bit help for finally resolving the issue.
    Last edited: Apr 28, 2009
  5. mistwang

    mistwang LiteSpeed Staff

    With the combination of rewrite rule, missing customized 401 error page, it will show the problem. Need to verify Apache's behavior under the same condition.
    The work around is to create a error page for 401.

Share This Page