.htaccess and .htpasswd files for directory security

Forum Moderators: phranque

Message Too Old, No Replies

.htaccess and .htpasswd files for directory security

Apache password protection of directories

RaiderUK

7:58 pm on Nov 9, 2006 (gmt 0)

Hi Guys,

I want to restrict access to a directory of my website running on an Apache webserver and think that the use of the .htaccess and .htpasswd files are the way to do this, but I am having a problem getting them to work.

I have created the folder which I want to protect and put a .htaccess and .htpasswd file in the folder. The content of the .htaccess file is as follows:-

AuthUserFile .htpasswd
AuthGroupFile /dev/null
AuthName "Private Area"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

Any advice on where I have gone wrong?

Cheers

Chris

jdMorgan

12:41 am on Nov 10, 2006 (gmt 0)

You must use the password-generation script installed on your server to generate encrypted passwords. Failing to do this is probably the most common problem.

The next-most likely problem is that the AuthUserFile path to .htpasswd needs to be the full server filepath to the .htpasswd file. You may have to ask your host what this path is.

Jim

coopster

12:45 am on Nov 10, 2006 (gmt 0)

Welcome to WebmasterWorld, RaiderUK.

Also, if you want to restrict access altogether, than you might want to review the Apache Module mod_access [httpd.apache.org].

RaiderUK

5:46 pm on Nov 10, 2006 (gmt 0)

Thanks for the advice - I will have a look at the link and also try putting in the full path and see what happens.