I have a test server with XAMPP (Apache/PHP/MySQL) running on Windows Server 2003.
I always used without problems .htaccess and .htpasswd files. On the site I'm working on I get ERROR 404 (yes! not 403) when trying to open any file inside the directory protected by .htaccess, which looks like:
<Files .htaccess>
order allow,deny
deny from all
</Files>
AuthName "Area riservata"
AuthUserFile \WEB\TEST\keys\.htpasswd
AuthType Basic
require valid-user
I changed the .htpasswd directory to the same of the .htaccess (\WEB\TEST\public_html\admin\.htaccess) file without success!
If I remove the file everything works fine: apache logs and error logs say nothing.
Where is the problem/error?
EDIT
On my DOCUMENT_ROOT (\WEB\TEST\public_html\) I have this .htaccess file.
I discovered that when commenting the last line (as following - no redirect to index.php for non file and symlinks) my problem disappear. I don't understand why!
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/(it|de|fr|en)/(.*)$ [NC]
RewriteCond %{DOCUMENT_ROOT}/multi_html/%2 -s
RewriteRule ^(it|de|fr|en)/(.*)$ /multi_html/$2?lingua=$1 [NC,L,QSA]
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-s
#RewriteRule . index.php [NC,L]
I found myself an answer:
AuthName "Authorisation Required"
AuthUserFile "\WEB\TEST\keys\.htpasswd"
AuthType Basic
require valid-user
ErrorDocument 401 "Authorisation Required" <-- ADD THIS LINE
Apache had changed this somewhat and specifying the 401 error document is necessary as Apache is looking for it when using .htpasswd.