Password protection using htaccess & LiteSpeed?

#1
Hi,

We have the following setup in a clients htaccess file:

AuthName "Restricted Area"
AuthType Basic
AuthUserFile "/home/user/htpasswds/.htpasswd"
require valid-user

With LiteSpeed enabled it doesn't even bring up the authentication box and then breaks the site and doesn't bring up the css or javascript. However when we switch to Apache it works fine. Alternatively if we rename index.php to index.php.bak with LiteSpeed, the password protection works fine.

Any ideas?
 

mistwang

LiteSpeed Staff
#2
Can you show us the whole .htaccess file? Maybe something else affect this.
Any thing special for index.php?

Also, you can enable debug logging.
 
#3
Here's the rest of the htaccess file.

Code:
## default index file

    DirectoryIndex index.php

<IfModule mod_php5.c>

############################################
## adjust memory limit

#    php_value memory_limit 64M
    php_value memory_limit 128M
    php_value max_execution_time 18000

############################################
## disable magic quotes for php request vars

    php_flag magic_quotes_gpc off

############################################
## disable automatic session start
## before autoload was initialized

    php_flag session.auto_start off

############################################
## enable resulting html compression

    #php_flag zlib.output_compression on

###########################################
# disable user agent verification to not break multiple image upload

    php_flag suhosin.session.cryptua off

###########################################
# turn off compatibility with PHP4 when dealing with objects

    php_flag zend.ze1_compatibility_mode Off

</IfModule>

<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload

    SecFilterEngine Off
    SecFilterScanPOST Off
</IfModule>

<IfModule mod_deflate.c>

############################################
</IfModule>

<IfModule mod_ssl.c>

############################################
## make HTTPS env vars available for CGI mode

    SSLOptions StdEnvVars

</IfModule>

<IfModule mod_rewrite.c>

## enable rewrites

    Options +FollowSymLinks
    RewriteEngine on

############################################
## you can put here your magento root folder
## path relative to web root

    #RewriteBase /magento/

############################################
## workaround for HTTP authorization
## in CGI environment

    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

############################################
## always send 404 on missing files in these folders

    RewriteCond %{REQUEST_URI} !^/(media|skin|js)/

############################################
## never rewrite for existing files, directories and links

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l

############################################
## rewrite everything else to index.php

    RewriteRule .* index.php [L]

#</IfModule>


############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead

    AddDefaultCharset Off
    #AddDefaultCharset UTF-8

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

    ExpiresDefault "access plus 1 year"

</IfModule>

############################################
## By default allow all access

    Order allow,deny
   Allow from all
 

auser

Super Moderator
#4
I append
AuthName "Restricted Area"
AuthType Basic
AuthUserFile "/home/user/htpasswds/.htpasswd"
require valid-user
to above .htaccess, tested on latest 4.0.2, looks no problem.

when /index.php exists, every non-exist page for example
http://domain.com/123/4.html will display
/index.php content but url remain as
http://domain.com/123/4.html

by clear browser cache, the authentication box always pop up.

Suggestions:
1.is it the latest 4.0.2?
2.if no authentication box pop up, how about clearing the browser cache?
(especially "Authenticated Sessions" in firefox)
3.how about change
RewriteRule .* index.php [L]
to
RewriteRule .* http://domain.com/index.php [R=301,L]

hope a bit help for finally resolving the issue.
 
Last edited:

mistwang

LiteSpeed Staff
#5
With the combination of rewrite rule, missing customized 401 error page, it will show the problem. Need to verify Apache's behavior under the same condition.
The work around is to create a error page for 401.
 
Top