Password protect directory [solved]

Discussion regarding Joomla! 3.x security issues.

Moderators: mandville, General Support Moderators

changlee
Joomla! Explorer
Posts: 470
Joined: Tue Nov 20, 2007 11:05 am
Location: Greece

Re: Password protect directory [solved]

Post by changlee » Tue Aug 26, 2014 8:52 am

Somebody helped me :-)

Thank you all!!!
If you do not program your life, someone else will do it for you.
SMTP Newsletter APP: https://www.emailbat.com

Bernard T
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska

Re: Password protect directory [solved]

Post by Bernard T » Wed Aug 27, 2014 6:25 pm

You just rename and use the htaccess.txt and it will most probably work ;)
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak

changlee
Joomla! Explorer
Posts: 470
Joined: Tue Nov 20, 2007 11:05 am
Location: Greece

Re: Password protect directory [solved]

Post by changlee » Wed Aug 27, 2014 6:48 pm

No, I did not face the problem with the latest Joomla installation. It was with Joomla 3.0.x, as I remember...

If the problem exists, you just copy the data from the latest .htaccess file.

:-)

mandville
Joomla! Master
Posts: 15152
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Password protect directory [solved]

Post by mandville » Wed Aug 27, 2014 7:01 pm

kdaniel171 wrote: Dude, can you please share how someone helped you solve the issue on password protect directory? So others will get the idea in case they experienced the same issue.
The answer is on the previous page. If you take time reading posts you will see the help was regarding the solved marker.
HU2HY- Poor questions = Poor answer
Unrequested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

bobysolo
Joomla! Apprentice
Posts: 23
Joined: Fri Sep 15, 2006 2:16 pm

Re: Password protect directory [solved]

Post by bobysolo » Tue Sep 30, 2014 7:49 pm

I had the same problem and I checked on the same server the differences in .htaccess files from different pages, where on some the password protection worked and on some it didn't.

The only difference I found between .htaccess files was this line, which was removed from latest versions of Joomla packages:

    RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]

Now, I don't know if it's good that this line is removed or why it was removed, but when I add it back to the .htaccess file in the root of the webpage, it works. No more 404 errors in the administrator directory.

changlee
Joomla! Explorer
Posts: 470
Joined: Tue Nov 20, 2007 11:05 am
Location: Greece

Re: Password protect directory [solved]

Post by changlee » Sun Nov 09, 2014 6:05 pm

Exactly. That line is the problem.

And we do not know why that was removed.

Webdongle
Joomla! Master
Posts: 44071
Joined: Sat Apr 05, 2008 9:58 pm

Re: Password protect directory [solved]

Post by Webdongle » Sun Nov 09, 2014 8:57 pm

changlee wrote: Exactly. That line is the problem....
That is not accurate.

Re-adding that line back into the .htaccess does prevent the 404 error occurring on servers that have problems with the .htpasswds outside of site root with mod_rewrite on. But removing that line is not the cause.

Also placing .htpasswds in the protected folder (adjusting the path in the password protect's .htaccess) prevents the 404 error.

Another method of preventing the error on servers that have problems with the .htpasswds outside of site root with mod_rewrite on ... is to add a 401.shtml to the site root.

The problem (as far as has been reported until now) only happens on servers that have cPanel. It does not happen on all servers that have cPanel but cPanel with .htpasswds outside of site root with mod_rewrite on ... is the only common factor.

It happens with WordPress as well as other scripts but only on cPanel with .htpasswds outside of site root with mod_rewrite on.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

changlee
Joomla! Explorer
Posts: 470
Joined: Tue Nov 20, 2007 11:05 am
Location: Greece

Re: Password protect directory [solved]

Post by changlee » Wed Nov 12, 2014 2:05 pm

So what do you exactly suggest?

If I install a new Joomla 3.3.x and password protect a directory, I receive 404 at /administrator.

Webdongle
Joomla! Master
Posts: 44071
Joined: Sat Apr 05, 2008 9:58 pm

Re: Password protect directory [solved]

Post by Webdongle » Wed Nov 12, 2014 4:34 pm

changlee wrote: So what do you exactly suggest?
...
You could ask your Host to fix the problem with their server ... but you will not have much luck getting the Host to admit it's their settings.

Either one of the following will work around the problem if your Host will not fix the problem with their server settings.
Webdongle wrote: Re-adding that line back into the .htaccess does prevent the 404 error occurring on servers that have problems with the .htpasswds outside of site root with mod_rewrite on. But removing that line is not the cause.

Also placing .htpasswds in the protected folder (adjusting the path in the password protect's .htaccess) prevents the 404 error.

Another method of preventing the error on servers that have problems with the .htpasswds outside of site root with mod_rewrite on ... is to add a 401.shtml to the site root.

killerkoz
Joomla! Apprentice
Posts: 19
Joined: Mon Aug 08, 2011 4:03 am

Re: Password protect directory [solved]

Post by killerkoz » Sat Jul 04, 2015 2:49 pm

I've had the same problem. The issue is htaccess.txt. I have password protection on my administrator directory. I didn’t have any problems until I was enabling SEF URLs and needed to activate htaccess.txt. I use Joomla! 3.4.2.

I tried everything suggested in this post including various edits of RewriteRule .* index.php [L]. I also tried placing the .htpasswd in the administrator directory and adjusting the path inside the administrator .htaccess but that did not work either.

I added that line missing in the newer versions of the htaccess.txt (posted by bobysolo) and it worked. Thanks for the detail in the post.

Cheers, Rob

Bernard T
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska

Re: Password protect directory [solved]

Post by Bernard T » Sat Jul 04, 2015 7:04 pm

A complete description of the source of the problem and the solution was discussed here: http://forum.joomla.org/viewtopic.php?f=714&t=858974

killerkoz
Joomla! Apprentice
Posts: 19
Joined: Mon Aug 08, 2011 4:03 am

Re: Password protect directory [solved]

Post by killerkoz » Sun Jul 05, 2015 1:16 am

Thanks Bernard T! A much better solution. I'll let my hosting provider know about this. For those who stumble across this post, the key information starts here:
http://forum.joomla.org/viewtopic.php?f ... 4#p3266125

leolam
Joomla! Master
Posts: 20652
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America

Re: Password protect directory [solved]

Post by leolam » Sun Jul 05, 2015 4:26 pm

The key information is outlined here: http://forum.joomla.org/viewtopic.php?f ... 4#p3298991

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -

Webdongle
Joomla! Master
Posts: 44071
Joined: Sat Apr 05, 2008 9:58 pm

Re: Password protect directory [solved]

Post by Webdongle » Mon Jul 06, 2015 10:32 am

But you said
leolam wrote: For all here: This has nothing to do with the default .htaccess file. It is caused by a server that is not correctly configured. Please read what Nicholas of Akeeba replied on the GitHub and he is completely right. It is good for those who can solve this issue through changes in the htaccess file but they should not be needed in the first place.

Leo 8)
http://forum.joomla.org/viewtopic.php?f ... 4#p3298820

The link you provided in that post says
nikosdion wrote:...
So, as I said several months ago, the problem comes from BADLY CONFIGURED servers. If you don't have a custom error document in place then DO NOT tell Apache that you have a custom error document in place or bad crap will happen. Sounds reasonable, doesn't it?
https://github.com/joomla/joomla-cms/is ... t-98073361

In another thread you say the problem is with the .htaccess
leolam wrote: Not for "my" server config and I am assured that it is not server but .htaccess so it will be resolved for people who have this situation

Leo 8)
http://forum.joomla.org/viewtopic.php?f ... 1#p3233569

Please could you be clear on how you fixed the problem on your servers. Did you edit the standard Joomla .htaccess file or did you edit your server configuration?

Bernard T
Joomla! Guru
Posts: 782
Joined: Thu Jun 29, 2006 11:44 am
Location: Hrvatska

Re: Password protect directory [solved]

Post by Bernard T » Tue Jul 07, 2015 5:47 pm

Let me recap again, in more detail; that should probably clarify any doubts.


The Problem:
In J! 3.3.1 and later, users experience problems setting up the Apache-based password-protected directory.


Diagnosis:
  • .htaccess was changed in that version, see https://github.com/joomla/joomla-cms/co ... 131f02ea3f
  • this fix indirectly brought to light a buried misconfiguration of default settings in cPanel, where it tells Apache to search for a custom-designed HTML error file in a folder, which by default doesn't exist.
  • Consequently, when searching for a custom error page to display to users not allowed to enter the password protected directory (401), Apache doesn't find a custom page for that error. Then it gives a 404 error as it wasn't able to find that previously mentioned nonexistent 401 custom HTML error file.

Therapy / Cure:
You can fix this in two distinct ways:
  1. create the missing custom error pages - consult the cPanel documentation on how to do it
  2. tell Apache that instead of searching for a nonexistent custom error page, it should simply display a textual message, by inserting this line into the .htaccess file:

    ErrorDocument 401 "Authorisation Required"
Last edited by Bernard T on Tue Jul 07, 2015 9:11 pm, edited 1 time in total.
Reason: Since solution was found no further discussion needed
VEL Team || Security Forum || PHP/Web Security Specialist || OWASP member
JAMSS author http://forum.joomla.org/viewtopic.php?f=621&t=777957
Twitter: @toplak
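
The diagnosis in the post above can be checked mechanically. The following is an added example, not code from the thread, Joomla or cPanel: it lists every ErrorDocument directive whose local target file is missing from the document root, which is the condition that turns a 401 into a 404. It assumes local targets map straight onto the document root (no Alias) and that server config and .htaccess are read in order with later directives winning; the function names and the 403/404 sample lines are constructed.

```python
import os
import re
import tempfile

# ErrorDocument <status> <target>. The target is a quoted message, the keyword
# "default", an external URL, or a local URL-path beginning with "/".
DIRECTIVE = re.compile(r'^\s*ErrorDocument\s+(\d{3})\s+(.+?)\s*$', re.IGNORECASE)

def error_documents(config_text):
    """Map status -> target; a later directive for the same status wins."""
    targets = {}
    for line in config_text.splitlines():
        m = DIRECTIVE.match(line)  # lines commented out with '#' do not match
        if m:
            targets[int(m.group(1))] = m.group(2)
    return targets

def dangling_error_documents(config_text, docroot):
    """Return [(status, target)] for local error pages that do not exist."""
    missing = []
    for status, target in sorted(error_documents(config_text).items()):
        if not target.startswith('/'):
            continue  # inline message, "default" or external URL: no file lookup
        path = os.path.join(docroot, target.lstrip('/'))
        if not os.path.isfile(path):
            missing.append((status, target))
    return missing

# Constructed sample of server-wide defaults pointing at custom error pages.
SAMPLE_SERVER_CONF = (
    "ErrorDocument 401 /401.shtml\n"
    "ErrorDocument 403 /403.shtml\n"
    "ErrorDocument 404 /404.shtml\n"
)
# The one-line .htaccess override given in the post.
SAMPLE_OVERRIDE = 'ErrorDocument 401 "Authorisation Required"\n'

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as docroot:  # empty site root
        print("server defaults only:", dangling_error_documents(SAMPLE_SERVER_CONF, docroot))
        print("with .htaccess override:",
              dangling_error_documents(SAMPLE_SERVER_CONF + SAMPLE_OVERRIDE, docroot))
        open(os.path.join(docroot, "401.shtml"), "w").close()  # fix 1: create the page
        print("with 401.shtml created:", dangling_error_documents(SAMPLE_SERVER_CONF, docroot))
```

Either fix from the post removes the 401 entry from the report; the remaining entries show which other status codes would fall through to the rewrite rules in the same way.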

