1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 5:15 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Password protection htaccess

Problem with password protecting a directory with .htaccess file

         

Martin_Sach

1:42 pm on Nov 15, 2005 (gmt 0)

10+ Year Member



I am trying to password protect a directory. It's a shared hosting unix server hosted by a major ISP. I have command line access and have created the password file which I have called daumanpw.txt successfully as far as I can tell. For security this file is located in a directory called passwd that is on the same level as the www directory where the website's main public access files are stored. I *think* I have done everything right as regards the password file itself. There is only one user.

The .htaccess file is in a subdirectory off the root,which is the directory I want to protect. It contains only the following lines:

AuthUserFile /home/dauman-retail-displ/daumanpw.txt
AuthUserFile /dev/null
AuthName not-yet-public
AuthType Basic
require user dauman

However when I attempt to look at the index file of the dirstory concened using a browser, I get to see the AuthName correctly but the password is not accepted. It looks as if the .htaccess file is being read but the reference to the password file itself isn't. The dialogue box just reappears after I enter the password and press return. There is no "password error" error message which perhaps there would be if it was the wrong password. It might be a pathing error in the first line but that is the path that shows up in CuteFTP.

Can anyone offer any ideas please?

Martin

crevier

7:49 pm on Nov 15, 2005 (gmt 0)

10+ Year Member



Martin, the htaccess setup should work no matter where your password file is, as long as two things are true: the file exists and Apache has rights to read it (assuming that your provider has Apache configured to allow this stuff).

This may sound overly simple, but the first thing I'd do is copy and paste the full path from your htaccess file into an 'ls' command just to make sure that full path is correct. Something like this: 

ls -l /home/dauman-retail-displ/daumanpw.txt

The second thing would be to open up the read permissions to make sure Apache can definitely read the file: 

chmod 666 /home/dauman-retail-displ/daumanpw.txt

Once you get this to work, you can use 'chmod' to make the permissions more restrictive, but it's usually good to start with them wide open (666) and go from there (I hope you know what this means).

I wish I had more to offer, but that's all I can think of at the moment. Also, in case you care, I always just put both my .htaccess file and my .htpasswd file in the same directory to make maintenance easy. Then, in my .htaccess file, I add the following lines: 

<Files ~ "^\.ht">
 Order allow,deny
 Deny from all
</Files>

This insures that no one can view any files on my web site that start with ".ht", which obviously protects both your .htaccess and .htpasswd from prying eyes.

Martin_Sach

1:40 pm on Nov 16, 2005 (gmt 0)

10+ Year Member



Hi many thanks for your help, using the ls command to check the path was a very good tip. In fact I'd not got the path wrong but I was concentrating on fixing what was not broken! However the second line of my .htaccess file had a typo in it - it was the same command as line 1! I now have it working.

Good idea to put the block on viewing .ht files in as well, I've put that in my home directory htaccess file to protect them all.

Many thanks for helping.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 5:15 am May 2, 2026