My first time using htaccess to ask for a user password.
on my server
.htpasswd file lies in my root directory of my server.
.htaccess file lies in folder folder "uploads" (which lies in the root dir)
i used …
<?php
echo dirname(__FILE__);
?>
to get the full server path to my root dir.
my .htaccess file in my "uploads" folder looks like this now:
AuthType Basic
AuthName "Uploads to my website"
AuthUserFile /home/.sites/74/site484/web .htpasswd
Require valid-user
and my .htpasswd file in the root looks like this:
admin:$apr4$CxS3O/..$vJcWNd6tlUwg6PAn.6cpA1
now when i browser to mydomain.com/uploads i get:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
what am i doing wrong here?
thank you for your help!!!
Looks like there's a space instead of a slash between the directory and file name in the AuthUserFile line.
Related
And sorry if this question has already been answered. But I'm trying to add a folder to my Drupal 7 installation that can be accessed only via password. I have created the folder in my FTP (and named it folder), but unfortunately I can't access this folder. I'd like the folder to look like this (like in Wordpress)
But instead I get "Page isn't working".
Br. Five
Assuming you are running Apache, try adding a .htaccess file to that folder with the following content:
Options +Indexes
When you want to password protect the directory with .htaccess you'll also have to add this:
AuthType Basic
AuthName "My Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user
I use mysql dumper to work with my database. The program prompts me to create folder protection. After typing name and password, program created htaccess. and password files in dumper's directory. Unfortunately after I am not able to access the same url - internal server error. Permissions are - folders 755, files 644. Apache error log shows no record. Path in file is correct. Basicaly in any folder where I try to put this htaccess file becomes unavailable with internal server error. What can be the problem? Thank you.
This is content of newly created htaccess file
<IfModule mod_rewrite.c>
RewriteEngine off
</IfModule>
AuthName "MySQLDumper"
AuthType Basic
AuthUserFile "/data/web/xxx/web/dump/msd1.24.4/.htpasswd"
require valid-user
The problem was, I had to enable authn_file and auth_basic modules in apache for this to work.
When I choose the same directory for .htaccess and .htpasswd, everything working fine.
But the situation below makes me sad.
I have one .htacces file in the root folder (johan) containing the code below.
AuthName "johan User"
AuthType Basic
AuthUserFile C:/wamp/www/johan/protectthisdir/.htpasswd
Require valid-user
.htpasswd is located at protectthisdir.
When I try to access the johan suddenly getting authentication required message box. But I need it only at protectthisdir. How to do this? Please help.
You should put the .htaccess file in the folder you want to protect, and not the root folder in your case.
The .htpasswd file should not be accessible from a browser so putting it above the DocumentRoot folder is a good idea. So in C:\wamp in your case.
PS:
It would be better to create a Virtual Host for your site to run in, in a completely different folder structure from the default wamp folders See this post for help on that
I have a folder in my htdocs folder ChemLabDB and inside the directory I have my HTML files that the user can browser from their browsers. When the user put the path to the directory, the browser displays all the files. I put the .htaccess and .htpasswd file in the directory. Now everytime I visit the website, I get a enter password prompt.
My Directory:
My .htaccess file:
AuthType Basic
AuthName "Not Available to Users"
AuthUserfile "../htdocs/ChemLabDB/.htpasswd"
Require valid-user
What do I modify so the user can browse without having to enter authentication credentials. The only time a user is REQUIRED (for security) to enter is when they try to browse the directory?
You don't need to take refuge of Basic Authentication. Just put this line in your root .htaccess file:
Options -Indexes
And don't forget to comment out Basic Authentication code.
I have created a .htaccess and .htpasswd files, and stored them in the folder I want to protect and when I navigated to that folder, I was asked for the username and passowrd (stored in the .htpasswd file) after entering the username and password, I got a 500 Internal server error. I have used the files on both localhost (windows) and on a web server (linux I guess) both gave the same result mentioned.
this is my .htaccess file:
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user
order deny,allow
I doubt that your .htpasswd file is really located at the very root of the server's filesystem along with /bin, /usr, /home, and others (rather than inside the part of the filesystem served to web browsers).
According to Apache documentation (1, 2), AuthUserFile expects a file path (as if you were in ServerRoot, usually /usr/apache or similar, and trying to locate the file from the Unix shell). It cannot be a URL, either absolute or relative. Correct your .htpasswd file path accordingly.
Note that if possible, you shouldn't put the .htpasswd file inside a public_html or htdocs folder, because any configuration error could not only allow unauthorized access to the files you want to protect but also the authorized usernames and hashed passwords.
Use an absolute hosting path, eg:
/home/content/14/5267714/html/.htpasswd