Forum Moderators: phranque

at my wit's end with .htaccess protecting directory

newbie just cannot get it to work

         

Don_Hoagie

3:04 pm on Jan 25, 2006 (gmt 0)

10+ Year Member



Sorry in advance folks, I hate to just post something like this and say "help me"... but I've looked at about 12 tutorials on .htaccess/.htpasswd, and all of them seem to say that I'm doing it right, yet no directory protection is going on on my site whatsoever.

The .htaccess file looks like so:

AuthUserFile /home/content/e/x/a/exampleuser/www/members/.htpasswd
AuthGroupFile /dev/null
AuthName "Members Area"
AuthType Basic
require valid-user

The .htpasswd has one username and encrypted pass in it, formatted properly, and is placed in the /members folder.

Now, part of the problem may be that blanketyblank webhost isn't telling me much about what I can and can't do... they didn't tell me what the server path was (had to search the tiny help section on the webhost's site to find it), and didn't tell me what the root was... I've tried www, public_html, tried using nothing there as well... I don't have access above the root folder so I can't see what it's named. Any assistance is appreciated, as I'm not getting any new info from online tutorials and don't know where to go from here.

coopster

8:48 pm on Jan 25, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



You did indeed use the Apache htpasswd utility to create and populate the .htpasswd file, correct?

You don't really need the AuthGroupFile directive if you are just going to require a valid-user and not use groups.

And a great way to find out lots of information on your server is to run a server-side script in either Perl or PHP to dish up your environment variables. This comes in very handy. You will, of course, want to keep scripts like this in an area where nobody else can run them, or perhaps even move them over to the server, run them, and then remove them again right away.

Frank_Rizzo

9:18 pm on Jan 25, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The .htaccess should be in the members folder and not the .htpasswd file

The .htpasswd file should be in a directory outside of the www directory so that it can't be accessed.

Put .htpasswd here:

/home/content/e/x/a/exampleuser/secure_stuff/

Modify your .htaccess to show this:

AuthUserFile /home/content/e/x/a/exampleuser/secure_stuff/.htpasswd

and then store your .htaccess here:

/home/content/e/x/a/exampleuser/www/members/

Don_Hoagie

10:01 pm on Jan 25, 2006 (gmt 0)

10+ Year Member



Thanks for both your replies.

I actually found out through googling ".htaccess issues with blanketyblank host" that this webhost's web accessible folder is html/, and not www/ or public_html/, which was the problem with the .htaccess file. Simple answer, I know, but if you read below, you'll see that it wasn't an answer I could find through my own access, and furthermore, several calls to the host tech support did not yield them telling me this simple bit of information.

Frank, I understand your suggestion, but I think a large issue here is that I am given access only to html/ ... nothing above it. So I simply don't have access to create a u/s/e/username/secure_stuff directory as far as I know... it would have to be u/s/e/username/html/secure_stuff, which obviously defeats the purpose.

Thanks both for your help... since I was lucky enough to receive a few replies, I wonder if anyone would like to indulge my follow-up question, which I think again has to do with this specific host's stubbornness:

Now that .htaccess works, I'm obviously prompted for the user/pass... but the pass doesn't work. Ugh, I feel dumb just watching myself type this... but again, I've done what a dozen tutorials told me to do with these files... the .htpasswd file has this in it:

test:(encrypted pass using online tool)

No extraneous spaces, not a binary file... I can only guess that either there's a permission issue with the host, or the files are in the wrong places. If I'm hearing you right Frank, my files are indeed in the right place for them to work correctly, with both files being located in the home/content/e/x/a/exampleuser/html/members/ directory? It's just that you don't suggest putting them there. So this should still work properly...
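
The checks described in the post above (user:hash separator, stray spaces, line endings) can be scripted, along with a look at which hash scheme an online tool produced; this is an added example, not part of the original thread. The prefixes are the ones Apache's htpasswd writes; the function names and sample entries are constructed for illustration, and a finding is something to inspect, not proof of why a login fails.

```python
import base64
import hashlib
import re

def classify(hash_field):
    """Name the Apache password scheme a stored hash appears to use."""
    if hash_field.startswith("$apr1$"):
        return "apr1-md5"       # htpasswd -m
    if hash_field.startswith("$2y$"):
        return "bcrypt"         # htpasswd -B (Apache 2.4+)
    if hash_field.startswith("{SHA}"):
        return "sha1"           # htpasswd -s
    if re.fullmatch(r"[./0-9A-Za-z]{13}", hash_field):
        return "crypt-des"      # traditional crypt(), htpasswd -d
    return "unknown"

def sha_entry(user, password):
    """Build a user:{SHA}... line: base64 of the raw SHA-1 digest."""
    digest = hashlib.sha1(password.encode()).digest()
    return "%s:{SHA}%s" % (user, base64.b64encode(digest).decode())

def lint(raw):
    """Return (line_no, user, scheme, findings) for each entry in raw bytes."""
    report = []
    for no, line in enumerate(raw.split(b"\n"), 1):
        if not line.strip():
            continue
        findings = []
        if line.endswith(b"\r"):
            findings.append("CRLF line ending")
            line = line[:-1]
        text = line.decode("ascii", "replace")
        if text != text.strip():
            findings.append("leading or trailing whitespace")
        user, sep, hashed = text.strip().partition(":")
        if not sep:
            findings.append("no user:hash separator")
        scheme = classify(hashed)
        if scheme == "unknown":
            findings.append("hash not in a recognised format")
        report.append((no, user, scheme, findings))
    return report

# Constructed sample: a good SHA entry, an entry saved with a Windows line
# ending, and one holding a plaintext password followed by a space.
SAMPLE = (sha_entry("test", "test") + "\n"
          + "alice:$apr1$saltsalt$0123456789abcdefghijkl\r\n"
          + "bob:secret \n").encode()
```

Calling `lint(SAMPLE)` returns one tuple per entry; an "unknown" scheme usually means the value was not produced by htpasswd or a compatible tool.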

coopster

10:34 pm on Jan 25, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Some shared hosting providers are no longer allowing any type of directory structure above the *public* docroot. Granted, this is not the ideal setup but that is how some of them are structured. So, basically you are stuck with a less than ideal situation -- where do I place my private info? Good question.

The best idea I can think of is to create a directory in the document root and drop a Deny/Allow in there and that is where you could store your .htpasswd file(s). Then, in any other directory that you want secured you could reference this directory as the path in your AuthUserFile directive.

- www (your document root)
  - my_secret_directory
    .htaccess
    .htpasswd
  - my_public_dir_that_some_can_see
    .htaccess

In the www/my_secret_directory/.htaccess file you could have something like this:

Order Deny,Allow
Deny from all

Then of course you would never want to see this here directory in a directory listing, nor a hyperlink, etc.

Then, in the www/my_public_dir_that_some_can_see/.htaccess file you would reference this as the AuthUserFile directive:

AuthUserFile /path/from/root/to/www/my_secret_directory/.htpasswd

Like I said, it is not an ideal situation. Perhaps somebody else will come along with a better idea or shoot holes in this one ...?
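
The placement advice in this thread (password file outside the web-accessible folder where possible, otherwise in a directory carrying Deny from all) can be checked with a short script; this is an added example, not code from any poster. The function names are hypothetical, the directory tree is built in a temporary folder as constructed data, and only a directory-local .htaccess is inspected, not the host's main server configuration.

```python
import os
import tempfile
from pathlib import Path

def find_auth_user_file(htaccess_path):
    """Return the AuthUserFile argument from an .htaccess file, or None."""
    with open(htaccess_path) as fh:
        for line in fh:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "authuserfile":
                return parts[1].strip().strip('"')
    return None

def denies_all(directory):
    """True if the directory's own .htaccess contains 'Deny from all'."""
    path = Path(directory) / ".htaccess"
    lines = path.read_text().splitlines() if path.is_file() else []
    return any(line.strip().lower() == "deny from all" for line in lines)

def audit(docroot, protected_dir):
    """Report where the password file for protected_dir actually lives."""
    target = find_auth_user_file(os.path.join(protected_dir, ".htaccess"))
    if target is None:
        return "no AuthUserFile directive"
    if not os.path.isfile(target):
        return "AuthUserFile path does not exist"
    root, real = os.path.realpath(docroot), os.path.realpath(target)
    if os.path.commonpath([root, real]) != root:
        return "outside document root"
    if denies_all(os.path.dirname(real)):
        return "inside document root, directory denies all"
    return "inside document root, no Deny from all found"

def demo(with_deny=True):
    """Build the layout from the post in a temp dir (constructed data) and audit it."""
    root = Path(tempfile.mkdtemp()) / "www"
    secret, public = root / "my_secret_directory", root / "my_public_dir_that_some_can_see"
    secret.mkdir(parents=True)
    public.mkdir()
    (secret / ".htpasswd").write_text("test:placeholder-hash\n")
    if with_deny:
        (secret / ".htaccess").write_text("Order Deny,Allow\nDeny from all\n")
    (public / ".htaccess").write_text(
        "AuthUserFile %s\nAuthType Basic\nrequire valid-user\n" % (secret / ".htpasswd"))
    return audit(root, public)

if __name__ == "__main__":
    print(demo(True), "|", demo(False))
```

An AuthUserFile that still names www/ on a host whose folder is html/ comes back as "AuthUserFile path does not exist", which is the mismatch found earlier in the thread.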