Copy pasted from the above link:
What steps will reproduce the problem?
1. Add a password file with htpasswd
Allow from all
AuthName "Enter password"
3. Attempt to access the app in your web browser, and either enter the
wrong user/pass or hit cancel.
What is the expected output? What do you see instead?
The expected output is an authentication rejection, instead while the
static assets handled by Apache are restricted, the rails app is run by
passenger and generates pages without CSS/images.
What version of the product are you using? On what operating system?
Ubuntu 8.04, Passenger 1.9.1 RC2
Please provide any additional information below.
Looks like Passenger does not inherit the permissions from apache.