can't get .htaccess password protection to work

Forum Moderators: phranque

Message Too Old, No Replies

can't get .htaccess password protection to work

welkin

2:40 am on Mar 5, 2006 (gmt 0)

basically it's just two files, right? and i have the correct path etc... but somehow when i load the page and try to enter the username/password, it simply doesn't let me in... any pointers? possible common errors?

(also just curious, why is it that each time i generate a passwd it always looks different even when the same string's used?)

thanks a lot in advance~

MichaelBluejay

3:22 am on Mar 5, 2006 (gmt 0)

Maybe you could post the text of your files (but not mention your domain of course) to see if that provides some clues.

I don't know why the password looks different every time, maybe it has something to do with making it harder for hackers to reverse-engineer.

welkin

3:54 am on Mar 5, 2006 (gmt 0)

i used the very basic template that i found online:

.htaccess:

AuthUserFile
[the path].../.htpasswd
AuthName EnterPassword
AuthType Basic

require valid-user

.htpasswd:
welkin:R3fKXC1ed2IvA

Thanks.

MichaelBluejay

10:44 am on Mar 5, 2006 (gmt 0)

I don't know if this matters, but in my .htaccess file these things are different:

(1) "AuthType Basic" is the very first line
(2) "AuthUserFile" and the path are on the same line

If the problem is that your login isn't recognized, then that means the server is definitely *asking* you to log in, so evidently that part of .htaccess is working. That seems to point to a problem with the .htpasswd file, or that the server can't *find* the password file. Make sure you start the pathname with a slash and list all the dirs right from the top, e.g., /home/username/public_html/restrictedfolder/.htpasswd.

BTW, for testing purposes, if you don't yet have any sensitive info in the protected directory, you don't have to encrypt the password. You can put the password in .htpasswd as plain text.

welkin

8:12 pm on Mar 5, 2006 (gmt 0)

thanks... but it's still not working. :( i tried to edit the password file with the command htpasswd too and it still doesn't work :(

do you know if there's any other good ways to put up passwd protection other than through htaccess? thanks.

welkin

12:46 am on Mar 6, 2006 (gmt 0)

Ok I finally figured out how to make it work...

but ALL THE TUTORIALS have been saying, use the path you see when you type "pwd", when I do type that, I see something like:

/nfs/home/y/.....

so I've been using that as my path this entire time. I ended up deleting "/nfs" from the front and now it works. Any idea what nfs is or why this is happening? Thanks!

MichaelBluejay

10:42 am on Mar 8, 2006 (gmt 0)

No idea what /nfs is. On my server the very first folder is /home. Anyway, glad you got it working.

Romeo

11:04 am on Mar 8, 2006 (gmt 0)

use the path you see when you type "pwd"

Well, this should perhaps read
'use the path that the web server (not you) would see if he/she/it would type a "pwd" within his own environment'.

I may be wrong in this case, but the "/nfs/" part suggests that you are working on the server side of an nfs environment (NFS = Network File System - a file ressources sharing mechanism across systems) seeing the nfs server's absolute path while your webserver runs on an nfs client side seeing just his /home file system which in the background is mapped and mounted on /nfs.

Kind regards,
R.