Apache ignores my `.htaccess` file. I've read more or less every thread about this issue I could find and tried all the solutions and nothing works. I've tried them more than once.
# The setup
- Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-57-generic x86_64) on VPS
- Apache/2.4.18 (Ubuntu)
- Django 1.10 via WSGI
- Python 3.5 in virtualenv
I want to serve some files that should only be available via approved IP ranges or user login. I have a `.htaccess` file that I've previously used on a webhost with a php-based website, and now I want it to work on a VPS with a Django-based website.
The names of the directories below have been changed, but they should be faithful to the setup.
## Location of files
`.htaccess` file inside `/dir` in a subdir, `/dir/1/2/3`.
I want it to apply settings to every subdir in that subdir, e.g. `/dir/1/2/3/a`, `/dir/1/2/3/b`, `/dir/1/2/3/c`. These dirs have files that should be protected access (e.g. `/dir/1/2/3/a/file.pdf`).This should be done via `.htaccess`, not server-wide settings because the list of acceptable IPs is very long and I rather not have it bloat my apache config files.
## `.htaccess` file
Most of the content is redacted for privacy reasons, but it follows this template.
# initial deny
<Limit GET POST>
order deny,allow
deny from all
# SUBSCRIBER LIST
#a very long list that follows this pattern or with CIDR ranges
allow from 1.2.3.4
# other settings
# users
require user someuser
satisfy any
</Limit>
# authtype
AuthType Basic
AuthName "Available only for subscribers."
require valid-user
AuthUserFile "/dir/passwd"
The `passwd` file has the necessary permissions as well.
## Apache config
Default config file: `/etc/apache2/sites-available/000-default.conf`
Has a number of other settings that work fine e.g. related to WSGI. Adding nonsense to test this results in apache error as expected.
Directive to enable `.htaccess`:
<Directory /dir>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
Also tried:
<Directory /dir>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Tried a number of other variations. None of them make any difference. I restart between any changes.
I've verified that this directory is spelled correctly.
## `sites-enabled` vs. `sites-available`
Someplace I read that one must edit the `sites-enabled` config file, not the `sites-available` one. These are the same files, the `enabled` one just links to the `sites-available` one.
## `a2enmod`
Is enabled:
user@server:dir$ sudo a2enmod rewrite
Module rewrite already enabled
## Permissions
`chown` is server's user: `www-data`.
`chmod`. I tried a number of settings: a+x, u+x, 777, many others, more than once.
Permissions are as of writing:
-rwxrwxrwx 1 www-data www-data 11135 Apr 5 14:47 .htaccess
## `DocumentRoot`
[According to this accepted answer][1], the `.htaccess` file must be in the `DocumentRoot` or a subdir of that. I changed the `DocumentRoot` to point to `/dir`. No effect.
## Main apache settings: `/etc/apache2/apache2.conf`
Instead of editing the virtualhosts config, one can edit the main apache settings file.
This file has some more `Directory` directives. One of these is:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
I assume that any deeper directive will overwrite a higher one, but I saw some people say this isn't so. I tried setting this one to `AllowOverride All` as well. No effect. In fact I tried setting all the Directory directives to that, including the irrelevant ones (relating to other directories e.g. `/var/www` which is not used).
## `AccessFileName .htaccess`
This setting is unchanged from default and is as it should.
## Logs
There are no errors or anything of relevance in either the error log or the access log.
## Nonsense test
To determine whether apache is even reading the file, I tried adding deliberate syntax error into `.htaccess`. No server error, so server must be ignoring the file completely.
--
I cannot find anything more to try.
[1]: https://stackoverflow.com/questions/25809132/htaccess-being-ignored-ubuntu-14-04