19

I'm attempting to password protect my public folder so that anyone trying to access externally is prompted to enter a password but not locally. So far I have got it to work using 127.0.0.1 but not localhost. Obviously I COULD just used the ip address but it's more the fact I want to know why it doesn't work. I don't like to be defeated!

#Enable Password Protection
AuthName "Password Protected Server"
AuthType Basic
AuthUserFile c:\xampp\apache\security\.htpasswd
Require valid-user
Order allow,deny
Allow from localhost
Allow from 127.0.0.1
Satisfy Any

My code so far is an accumulation of:

http://www.groovypost.com/howto/how-to/htaccess-password-protect-apache-website-security/

htaccess password protect but not on localhost

I'm running XAMPP 1.7.3 on Windows 7, in case that helps.

Any assistance would be greatly appreciated!

Community
  • 1
  • 1
amctavish
  • 389
  • 3
  • 10

1 Answers1

31

Sounds like an IPv6 issue. When you're connecting to the site with 127.0.0.1, Apache sees the request as coming from the IPv4 localhost (127.0.0.1). But, when connecting to localhost, Apache sees the request as coming from the IPv6 localhost (::1).

If this is the problem, you should be able to solve it by replacing the Allow from localhost line with a Allow from ::1 line.

John Flatness
  • 32,469
  • 5
  • 79
  • 81
  • 1
    What an absolute hero! I came across something similar to this but I put it down as localhost::1 not a separate line. Thanks for putting it straight! – amctavish May 14 '11 at 22:46
  • 1
    Thanks for clearing that up! However, to any human being, "localhost", "127.0.0.1" and "::1" are mere aliases. Does Apache not make it easier to identify these aliases? Oh, and btw, could you add some info on how this works with `Require` in Apache 2.4+? – Domi Nov 02 '14 at 11:33