How to make .htpasswd work?

Gary_King

I have a .htpasswd in my /htdocs/ folder of Apache (but no .htaccess), and it still doesn't ask for the username and password when I go to http://localhost/ ! How can I make this work?

This is what I've got in my httpd.conf:

<Directory "C:\Program Files\Apache Group\Apache2\htdocs">
   Options FollowSymLinks
   AllowOverride All
</Directory>

Mordecai

Are you on Windows, Linux, BSD, etc?

Gary_King

Windows XP, and I'm running Apache HTTP Server 2.0.44

Mordecai

I don't think .htaccess and .htpasswd work on Windows. I might be wrong, though. I know there's a htpasswd.exe floating around somewhere, as to its use, I'm not sure...

Gary_King

They DO work on Windows. As I've already stated, I have created .htpasswd from the htpasswd.exe, but I can't seem to get it to work (and I don't have a .htaccess)

jerdo

You need to create an htaccess file for the htpasswd stuff to work. Look at the docs on apache's website, they have a nice example.

plaggypig

The file .htpasswd in itself is meaningless - you may as well call it "i_don't_RTFM.txt".

You need to set-up a .htaccess file, with the necessary directives to tell Apache about your desire for authentication.

You'll never learn unless you read the docs, however i'll give you a quick example:

AuthType Basic
AuthName "ignoramus zone"
AuthUserFile "C:\Program Files\Apache Group\Apache2\htdocs\i_don't_RTFM.txt"
require valid-user

n.b. The username/password hash file should be outside your docroot for obvious security reasons.

you'll need to use htpasswd.exe to generate the password hashes, unless you have an extraordinary mind for md5 sums.

Andy.

Gary_King

I've tried practically everything, but nothing works. Is there some changes that I am supposed to make to httpd.conf for Apache 2.*?

anthrorules

I am sure that this problem has already been addressed or solved, but I thought I would provide some helpful instructions for people trying to configure the Apache password protection system (.htaccess/.htpasswd) in their Windows workstations or servers....

Here it goes:

1) Create your .htaccess file in the directory that you want to password protect:

Example:

AuthUserFile "C:/Apache/htdocs/DIRECTORY/.htpasswd"
AuthName "Your Admin Area"
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

2) Then go into your command prompt and connect to the "bin" sub-folder in your Apache folder....

Example:

cd ../../Apache/bin

This should take you to C:/Apache/bin

Basically when you open your Command Prompt, you will be taken to the C:/Documents and Settings/Your Username folder.

Note: Remember to connect to the drive where your Apache server is running.

3) Now, to create the .htpasswd file or whatever you want to name it, you'll need to run the HTPASSWD.exe application:

Example:

htpasswd.exe -c C:/Apache/htdocs/DIRECTORY/.htpasswd yourusername

Then you will be prompted for a password, type it in twice.

Voila! Basically it's the same process as creating a .htpasswd file in UNIX servers, however, you have to run the htpasswd.exe application in the C:/Apache/bin folder.

Then go to the directory:

http://localhost/directory/

and you should be prompted to login.

If you want to create another username/password in the .htpasswd file, then run through steps 2 and 3 again.

Hope this helps.

Gary_King

This is a very old thread, I have already figured it out, plus more options that I can use with HTaccess.

(I am Blak n Wite)

anthrorules

Sorry....guess I shouldn't be helpful...I'll avoid replying to your posts...sorry. goodbye and good day.