Hi,
I have tried to make a directory secure using a .htaccess file
Here is the content:
AuthName "Admin"
AuthType Basic
AuthUserFile /htpasswd.txt
Require valid-user

The .htpasswd file has the username and password encrpted. I have put the .htpasswd file one directory above the.htaccess file.
I currently have .htpasswd.txt - is this right??

Any help would be appreciated. I must be missing something. :rolleyes:

    cretam wrote:

    Hi,
    I have tried to make a directory secure using a .htaccess file
    Here is the content:
    AuthName "Admin"
    AuthType Basic
    AuthUserFile /htpasswd.txt
    Require valid-user

    The .htpasswd file has the username and password encrpted. I have put the .htpasswd file one directory above the.htaccess file.
    I currently have .htpasswd.txt - is this right??

    Any help would be appreciated. I must be missing something. :rolleyes:

    I never use HTTP Auth
    but the normal name of file is .htpasswd like .htaccess
    so 1) you name file .htpasswd
    and 2) same name for
    AuthUserFile .htpasswd

    this will work, as BOTH .htaccess and .htpasswd is always in the current folder
    the folder in which protection

    Here is 'the official manual on HTPASSWD at apache
    http://httpd.apache.org/docs/2.0/programs/htpasswd.html

    .htaccess tips and tricks - a GOOD Tutorial on different ways to protect stuff
    http://corz.org/serv/tricks/htaccess.php

    A Google search for '.htaccess .htpasswd examples'
    http://www.google.com/search?num=100&q=.htaccess+.htpasswd+examples+OR+sample

      Yeah... .htaccess is the full filename. Since you're using Windows, you won't be able to simply rename the file as you would any other file - Windows will complain that you must give the file a name.

      What I do, is create a file called something such as... test.htaccess. Then, I open an MS-DOS prompt window (Start -> Run -> cmd), and rename the file through DOS (ren test.htaccess .htaccess).

      Otherwise, you can upload the file and rename it through your FTP utility.

        Thanks guys, I have done as suggested but still nothing happens when I try to access the secure folder. I put both the .htaccess and .htpasswd in the folder I am trying to make secure.

        This is what I put in my .htaccess file
        AuthUserFile /.htpasswd
        AuthType Basic
        AuthName "Secret Place"

        <LIMIT GET POST>
        require valid-user
        </LIMIT>

        I am only using it on my apache serve on my laptop but I would expect it to still function normally.

          This:

          AuthUserFile /.htpasswd

          is most likely not correct.

          If the .htpasswd file is in the same folder, then get rid of the forward slash. Otherwise, you're telling Apache that the file is in the root of the drive.

          In addition, you really don't need the LIMIT conditional, just have a Require valid-user statement after the auth info.

            Done both of your suggestions and still don't nothing happens when I try and access the folder.

            Any other suggestions?

              Can you PM me a link to this directory that you're trying to secure?

                No sorry I can't because it is not live - only on my laptop with apache on it.
                c:/mydocuments/htdocs/pub/admin is where the files reside.

                  So the .htpasswd file is in the same directory as the .htaccess file, and you've changed your .htaccess to look like this:

                  AuthUserFile .htpasswd

                  ?

                    cretam wrote:

                    The .htpasswd file has the username and password encrpted.

                    There's one obvious problem. Only the password is supposed to be encrypted. the username is not.

                      While that is a very big problem, it shouldn't be allowing free access to the directory...

                        Only the password is encrypted. And yes I have the .htpasswd file in the same directory (admin folder) as the .htaccess file.

                        But still no popup asking for username and password when I access the directory ie. http://localhost/pub/admin

                          Ok... can you post the content of your .htaccess file again? Just want to make sure we're on the same page.

                          Also, are you viewing file extensions in Windows? To check, open My Computer, click Tools, click Folder Options, click the View tab, and make sure the box that says "Hide extensions for known file types" is unchecked. Then verify that the two files are indeed ".htaccess" and ".htpasswd" respectively, nothing more (such as an extra .txt on the end).

                          EDIT: Also, open up your httpd.conf file for Apache, and look for the <Directory> listing that contains the htdocs folder (for example, mine said <Directory "C:/Program Files/Apache Group/Apache/htdocs">). Inside that <Directory> tag, look for an "AllowOverride" directive. What is it set to? "All"? "None" ?

                          Also, search the .conf file for the keyword "AccessFileName". Do you find "AccessFileName .htaccess" ?

                            Write a Reply...