Forum Moderators: bakedjake
I'm hoping someone can help me before I go back in to work tomorrow.
My boss wants me to password protect a directory on our website. I found directions for this on the internet and thought I followed them correctly today to password protect the directory and not the entire site. However, the result was that the site is protected, and to add insult to injury, the password doesn't even work to get into the site.
What I did was create an .htpasswd file and placed it (for security reasons according to the instructions) in a directory above the www root directory. I created an .htaccess file and placed it in the directory that I wanted to password protect. When I did this, I got the results stated above.
Then in my panic, I tried to delete the .htaccess/passwd files but of course they were invisible, so I deleted the folders they were in, believing that my problem would be solved and the site would go back to the way it was. But I still get the same password screen popping up when I try to access the website.
I'm using Fetch at work, and WS_FTP (lite) at home but can't see the invisble files with either of them.
What can I do to restore the site so that a password screen doesn't pop up? I don't understand why this is happening when the folders with the .htaccess and .htpasswd files were deleted. We have our own server, and there's no tech support to help.
Thank you...
Welcome to WebmasterWorld [webmasterworld.com]!
Did you flush your browser cache?
Are the password-protected files marked as no-cache using Apache mod_headers?
I've seen several recent posts here concerning making .ht files visible in various FTP clients... Try a WebmasterWorld site search to find those posts (or use Google).
<added>I should also note that if you use the "FTP folder view" capability of Internet Explorer's built-in FTP client, you can see .ht -type files. This option may need to be enabled in Internet Options to work.</added>
HTH,
Jim
Then use ls -al to see all the files.
Thank you... seems like a great forum/website. I'm glad I "stumbled" across it.
Yes, I flushed the browser cache, plus tried to access the website from home too from another computer with the same results.
I don't understand the Apache mod_headers question. I think that might be in the admin section that I don't have access to (and the person who does probably won't know either). If I can do this much damage without access, it's probably a good thing I can't get to other files.
Are the .htaccess and .htpasswd files there even though I deleted the two folders?
I'll try a Google search again for how to make the files visible. I did that a little earlier, but everything I found seemed to relate to the versions I don't have (I downloaded a pro version of WS_FTP to evaluate, but it wouldn't run for some reason). The Fetch at work is an old copy, and it costs to upgrade I believe, so that would be out. Maybe I can find another decent one to download that will show invisible files.
Folder view for ftp sites is enabled in Internet Explorer, but I didn't know there's a built-in FTP client or how I could view the folders of the site.
I guess you can tell I'm really lost at this end of things...
Thank you,
Kathy
Thanks again,
Kathy
Type: ftp://yourdomain.com into the IE browser address bar. It will prompt for username and password.
Then it'll look just like a directory on your local PC. You can drag and drop to the ftp site, but not the other way. The main benefit though is that it shows all files.
I don't know why it seems like your .htaccess and .htpasswd files are still active - that's why I was asking about caching issues, because it doesn't make a lot of sense. It sounds like one or both of those files were uploaded to the wrong directories somehow.
Jim
Do you have access to Apache's configuration file?
It is probably called httpd.conf, and located in /etc or /etc/httpd/conf or something like that.
The first thing I would do would be to disable override - that is, tell Apache that it cannot allow .htaccess to override the default settings.
To do this, edit httpd.conf (make a back-up first), and search for "AllowOverride". You might not find it, because the default setting is "All".
If you do find it, change the line it is on to:
"AllowOverride None".
If you don't find it, just add that line to the end of the configuration file.
Restart the server (or just Apache) and you should be able to access the website. You can then worry about where your hidden files have got to...
Thanks, Jim, you were correct. I downloaded a trial version of the current version of Fetch and was able to see all the files and discovered that I put the .htaccess file in the wrong place. And meanwhile also discovered how to view them with my ftp program from home. Also appreciate your telling me how to view ftp through the browser.
To dmorison... no, unfortunately I don't have access to Apache's configuration files. It's a bit of a strange situation at work...
I still have a problem, though I'll make a new post of that. Thanks again, everyone.
Kathy
