i have a basic auth protected directory with :
AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/.htpasswd
require valid-user
every thing is ok and directories are not visible , and force to login ,
but .txt files are visible directly in any browsers ,
i checked in every browser and its not some login remember problem
example :
test.com/password-dir/
is no visible but
test.com/password-dir/1.txt
is visible
For every one who come here from google , or Other search mechanisms
I Finally Found The Problem and Fixed it .
When You are Using Curl
Its very strange on litespeed server with cache enabled , when you Request a Url with Authentication data ( user and password ) , even if you dont send Authentication data again , Server will always respond to you request .
in my case :
test/1.txt
was opened one time with auth data and responded to me , because of this , server always responded well even if im not sending auth data.
but when CURL request to another url link like:
test/2.txt
authentication data needed ; so authentication doesnt have problem and worked well . it was just caching mechanism that let me visit/request the file again without auth data.