1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:38 pm May 22, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Can AuthUserFile in .htaccess use a relative path?

want to point to my site's folder without absolute path

         

Bram

8:45 am on Dec 4, 2008 (gmt 0)

10+ Year Member



I'm using .htaccess to password-protect some pages. The password file is specified with the AuthUserFile value, for example: 

   AuthUserFile "/home/sites/myusername/httpdocs/.htpasswd"

Now, by using this absolute path, the site cannot easily be moved to another account or even another server or hoster without changing stuff manually, because the above path won't be valid there. I'd have to manually inspect all .htaccess files in the entire site, and change the paths accordingly.

Therefore, I'd prefer to use something like: 

   AuthUserFile "./.htpasswd"

or 

   AuthUserFile "./httpdocs/.htpasswd"

or 

   AuthUserFile "%{DOCUMENT_ROOT}/.htpasswd"

or whatever would be relative to my site's local folder. But I can't get this to work.

Is this actually possible, or does .htaccess really ONLY allow absolute paths? The apache mod_auth manual says otherwise, but it says 'relative to ServerRoot' which may still be difficult to relate to my site's or account's folder?

(Note: The %{DOCUMENT_ROOT} thing actually gives what I need in RewriteRule, can't that be used with AuthUserFile?)

jdMorgan

12:58 pm on Dec 4, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not sure what your ServerRoot and DocumentRoot paths actually are, but have you tried relative paths with no leading slash or one or more "../" sequences such as these? 

AuthUserFile path-from-here/.htpasswd or
AuthUserFile ../path-from-parent-dir/.htpasswd

On big server set-ups, a common approach is to use a PERL script to find and modify common settings. That may be worth looking into, depending on the scale of your plans.

Jim

Bram

9:06 am on Dec 5, 2008 (gmt 0)

10+ Year Member



Yes, I tried several levels of ../ but nothing seems to work. The difficulty here is that there's no way to detect what "the current path" is, or relative to exactly *what* AuthUserFile works.

In fact I don't have such large plans that it would be impossible to change it by hand, but I intend to use this kind of approach on multiple sites, and it would be easy to use the same setup everywhere.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 12:38 pm May 22, 2026