1. Home
  2. Forums Index
  3. WebmasterWorld / New To Web Development 6:08 am Apr 26, 2026

Forum Moderators: mack

Message Too Old, No Replies

passwords from .htpasswd file not being accepted

protected directory is currently a little TOO protected

         

Don_Hoagie

2:54 pm on Jan 26, 2006 (gmt 0)

10+ Year Member



Ok, i was in the Apache forum on this but I got the feeling my questions were a bit too basic for their likes.

Basically i'm getting no support whatsoever from my webhost, who incidentally also denies me access above the root folder. I did manage to get .htaccess up and running, but now when attempting to enter the protected directory online, the passwords located in the .htpasswd file do not get accepted.

I've gone through dozens of tutorials and there doesn't seem to be anything wrong with either of my files...

.htaccess:
AuthType Basic
AuthName "Members Area"
AuthUserFile /home/content/u/s/e/username/html/members/.htpasswd
Require valid-user

.htpasswd:
test:(encrypted pass)

Yes, the .htpasswd file is located in the path dictated by .htaccess.

Another thing- related issue?- is that even though going to a page within the protected directory yeilds the pop-up login window, the page(.php or .html file) still shows up! What's up with that? The CSS file, JS file, and images do not show up, properly awaiting login validation... but the actual page files themselves (located in the same place as those other files) load as soon as you hit the page...

In case it's not clear, I don't do this kind of thing often... namely, this is the second time i've ever written an .htacccess file. But i'd like to think that i'm not an idiot, and that if i'm following what dozens of tutorials tell me to do, it must be something on the host's end.

Thanks for any assistance... i'm not against paying somone to figure this crap out for me either, if it comes to that point.

JollyK

4:21 pm on Jan 31, 2006 (gmt 0)

10+ Year Member



Don, did you get an answer for this? I've never had .htpasswd in the same directory as .htaccess, so I'm actually not sure if that itself would cause issues... My number one suggestion would be to get an ISP who allows access above the document root. :-)

If that's not feasible, make a directory just for .htpasswd, call it, e.g. ".pw", put a blank index.html file in there, and name your .htpasswd file something bizarre like ".987fgsk12l" instead of ".htpasswd" to hopefully prevent people from finding it. They still can, of course, but that makes it a little harder.

Then, in your members only directory, put an .htaccess file pointing to that password file like this:

AuthType Basic
AuthName "Members Area"
AuthUserFile /home/content/u/s/e/username/html/.pw/.987fgsk12l
<Limit GET PUT POST>
require valid-user
</Limit>

I have noticed that without the "Limit" tags, .htpasswd does not work on my server either. Not sure why.

JK

[edit: I have to ask, and please forgive me, but you are putting in the actual path to the .htpasswd and not literally "/u/s/e/username" right? Sorry, but I have seen a lot of very intelligent people use the example as what they need to put in for real. :-) If the path isn't correct, that would cause issues also.]

mack

5:52 pm on Jan 31, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



This is a long shot, but set permissins to 666.

Mack.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. WebmasterWorld / New To Web Development 6:08 am Apr 26, 2026