.htpasswd doesn't apply to Cloudflare-protected websites

Hm, weird.

Usually, it has no impact and works fine being served from the origin.

Furthermore, there were users who have had 401 Authorization enabled and we saw it while using Cloudflare and the hostname was proxied :orange:.

Are you sure you have correctly defined the directory path for protection with 401 auth and the is the .htaccess among .htpasswd file path containing correct credentials also located in the needed directory which you want to protect?

Are you sure your Web server supports htacces actually?
Have you checked if it is an Apache / Litespeed or Nginx?

Helpful article:

Another one:

Nevertheless, using Cloudflare, you can create a Firewall Rule to restrict and block all the requests except the one comming from only your IP or your Country to successfully access the Website, while all the others will see an “Access Denied” page.

If interested, below are the articles while you can navigate to Cloudflare Dashboard → Firewall Rules and create one as an example from below:

Example of my statement from above in code expression and picture too:

  • (not ip.src in {my.ip.v4.here}) - just replace my.ip.v4.here with your IP address and make sure the Action is set to “Block

1 Like