2

I need to protect my whole website (It's just for development at the moment) with a password. So I created a .htaccess and a .htpassword file. The .htaccess contains

AuthUserFile /my/absolute/path/.htpassword
AuthName "Protected"
AuthType Basic
Require valid-user

My directory tree looks like this

/var/www
|--- file.php
|--- .htaccess
|--- dir
|   |--- text.html
|--- file2.php

If I try to access file.php or file2.php (any file which is directly in /var/www), the webpage is protected by the password. However, I can access the file in the subdirectory (/dir/text.html) without any authentication. I'm absolutely certain that there's no .htaccess in /var/www/dir (I use ls -A).

I've seen on the web that .htaccess is supposed to have an effect on the directory and ALL subfolders, and that's what I want.

Do you know why it doesn't have any effect on the file in subdirectory in my case? If so, how can I make it work?

MrWhite
  • 13,315
Christophe Ramet
  • 121

2 Answers2

-1

you can write custom code in php for session login and forbidden rest access on header 

session_start();
if(isset($_SESSION['user']))
{echo "do the stuff";}
else
{header("location:login");}
MrWhite
  • 13,315
Praveen PL
  • 1
-1

If you have static ip, you can simply allow access to website only from one IP in your virtual host config:

<Directory /> Order Deny,Allow Deny from all Allow from 127.0.0.1 #your IP </Directory>

Ollie
  • 78