.htaccess and .htpsswd

Discussion in 'HTML & Website Design' started by matthewbeckman, Mar 17, 2008.

0
  1. #1
    Alright so sort of a noobish question, but I have never had to do it really, so I have no idea what I am doing. I am trying to password protect a directory (/customers) so that anything inside it requires a username and password. So far this is what I have done. I have created a htaccess.txt file on my computer and entered the following.

    
AuthType Basic
AuthUserFile /customers/.htpasswd
AuthName "Ennis Steel Customer Site"
require valid-user
    Code (markup):
    I then made a htpasswd.txt file on my computer and entered this.

    
ennis:THoNDDonxlyQE
    Code (markup):
    The THoNDDonxlyQE is a hashed password. Username and password for now should just be "ennis" for both fields. I have uploaded them via my FTP program as ASCII format instead of binary.

    I have renamed both files so they are .htaccess and .htpasswd respectively. There is a full features index.html page inside the directory. Now when I go to my test server and try to access it, my message and window pop up asking for the login information, but the password/username do not validate. After doing this I checked a tutorial real quick, and it looks like I did it all right, but I am out of ideas... any help?
     
    matthewbeckman, Mar 17, 2008 IP
  2. kk5st

    kk5st Prominent Member

    Messages:
    3,497
    Likes Received:
    376
    Best Answers:
    29
    Trophy Points:
    335
    #2
    The path to the password file should be the full os path, not based on the document root.

    The final answer will depend on the server's configuration. For example, my development server has the default document root at /var/www/

    User document roots are at /home/$username/public_html/

    For security purposes, the password file should be outside the document root's tree. Thus:
    /var/passwd/.htpasswd or
    /home/$username/passwd/.htpasswd

    Be sure your httpd.conf has this: 
    
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
    Code (markup):
    If it doesn't, add the lines to your .htacces file in your document root directory. That will prevent the server from serving up your .htaccess and .htpasswd files.

    If you don't have access to your server config file, try to open your .htaccess in a browser; you shouldn't be able to view it, and if you can, be sure to add those lines to your own directory.

    cheers,

    gary
     
    kk5st, Mar 17, 2008 IP