Develop Reference

Showing Internal Server Error if i use .htaccess to enable the password procted folder [duplicate]

I tried to implement this code into my .htaccess on wordpress.
Everything works fine but when you get access, it throws an 500 Error and redirects me to my hosting park website. It seems that it doesn't load the content. Not sure if the problem is that the path I'm providing doesn't contain the actual content.
SetEnvIf Request_URI ^/quetecalles require_auth=true
AuthUserFile /kaycho.com/wp-admin/.htpasswrd
AuthName "Password Protected"
AuthType Basic
Order Deny,Allow
Deny from all
Satisfy any
Require valid-user
Allow from env=!require_auth
The snippet is based on this article
Error 500 protecting a single url with .htpasswd

AuthUserFile /kaycho.com/wp-admin/.htpasswrd
The file-path to your password file looks incorrect. This needs to be an absolute filesystem-path, not a root relative URL-path (which is what this looks like). If the path is incorrect and the password file cannot be found then you'll get a 500 Internal Server Error response when submitting the user/password.
Ideally, this should be a file-path outside of your document root directory - that is naturally inaccessible to user requests. It should not be in the same location as the .htaccess file implementing the protection.
Reference:
https://httpd.apache.org/docs/2.4/mod/mod_authn_file.html#authuserfile

.htaccess directory protection not working in nginx

I try to protect my dev web project a bit and add directory protection. ("Verzeichnisschutz" in german).
This is my .htaccess file (project/.htaccess)
AuthType Basic
AuthName "Please enter the valid auth details"
AuthUserFile .htpasswd
Require valid-user
This is my .htpasswd file (project/.htpasswd)
test:$apr1$3RWv80vU$MJFZn3DHhrB8yPNO6/TDV.
But I can still enter the website without having to enter any credentials.
I tried different browsers and inspector/private mode.
What is wrong?

Now I know why it does not work.
It is because my project runs on a nginx server and .htaccess does only work with apache.

AuthUserFile in htaccess can be url?

i have this htaccess :
AuthType Basic
AuthName " Vip User Only
AuthBasicProvider file
AuthUserFile c:\inetpub\htpasswd
Require valid-user
<FilesMatch ".(jpg|gif|png|tiff|jpeg|html)$">
Allow from any
Satisfy any
</FilesMatch>
i want to remotely read htpasswd from another server ?
e.g : this htpasswd is in Server A and i want too use htaccess in Server B with Server A's htpasswd !
is this possible ?

See the documentation of AuthUserFile
File-path is the path to the user file.
There's no mention of URI anywhere. To the contrary, it advises (rightly!) to make the file inaccessible from the web
Security
Make sure that the AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.
Otherwise anybody could download the file, and crack all your passwords.

htaccess just working one time

I have an .htaccess with the following settings:
AuthName "veuillez vous authentifier"
AuthUserFile "/var/www/html/.pass"
AuthType Basic
Require valid-user
And a .pass:
pass:password
(These values are not the real)
It's working perfectly, but just the first time. And even after I delete all history in my browser when I want to return into one web page, I don't have any username and password required.
Why? How can I resolve it?

Variable in Path to .htpasswd file in .htaccess

Would it be possible to have the {HTTP_HOST} variable in this path?
Because my htaccess is used for multiple domains and I want to use different passwords for each domain!
AuthUserFile /usr/test/{HTTP_HOST}/.htpasswd
AuthType Basic
AuthName "My Files"
Require valid-user
UPDATE:
I tested the above code and it gives a 500 Internal Server Error (off course the AuthUserFile points to a directory that DOES exist on my server)