httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robin Miller <>
Subject Re: [users@httpd] Allowing users to view content of password-protected directory
Date Sun, 27 Jan 2013 18:29:36 GMT

Michael, thanks so much for your help.

I am nervous about removing and reinstalling password protection, as 
there are some 150 users who have stored their passwords. (I know I 
could save the file.) However, I have confirmed that the password 
file is in the proper location (and password protection would be 
broken if it weren't, I imagine).

I did try adding an index file, and that does display. So the problem 
is that directory listing is being suppressed in password-protected 

I have read a dozen online discussions of this issue, and adding 
IndexOptions +ShowForbidden (with or without the +) is always 
suggested as the solution to avoiding the suppression of directory 
listings. I have added that line of code to the .htaccess files in 
both my public_html directory and the password-protected 
subdirectory. I have also added Options +Indexes, although it's 
unnecessary because directory listing is enabled in 
non-password-protected directories.

I have read page after page of Apache documentation, and, while I 
have only a general understanding of these matters, only thing I can 
see that could cause this behavior is the absence of an AllowOverride 
Indexes (or All) directive in the server configuration file.

So I will open a ticket with my hosting company and suggest that as a 

Thanks again,

At 02:06 AM 1/27/2013, you wrote:
> > My problem is that I want users who have logged in to the
> > password-protected directory to be able to view a listing of the
> > content of the directory and its subdirectories. None of the
> > directories have index files, so under normal conditions, an attempt
> > to access the directory would yielding a listing of the directory
> > content.
> >
> > However, the present coding (or my hosting company's configuration)
> > does not allow that. An attempt to view
> > (the protected directory) yields the
> > following error message, even when the user has logged in through
> > password access:
> >
> > 403 Permission Denied
> > You do not have permission for this request /subscribers/
> >
>I tried this with a cPanel account and an .htaccess file that was nearly
>identical to yours and it worked for me (It showed the directory listing
>after I logged in).  I would try the following:
>1) Temporarily remove the password protection on the directory you want
>to protect and then re-add it.  Use the cPanel File Manager to help
>ensure that the corresponding passwd file is created.
>2) Verify that the corresponding passwd file has been created.  Make
>sure that it's there, that it has the username you expect, and that the
>directory it is in matches the directory in your .htaccess
>3) If that doesn't work, try to temporarily add an index.html file in
>the directory you're trying to protect.  This might provide a clue as to
>whether or not it has anything to do with the directory listing and the
>password protection not working together.
>4) If it still doesn't work, I would suggest opening a ticket with your
>hosting provider.  If they can't resolve it, they should at least be
>able to let you know why it's not possible.
>I hope that helps,
>-Michael S.
>To unsubscribe, e-mail:
>For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message