02-05-2003, 01:39 PM
I'm having problems with the password protection on a directory using .htaccess.
I've created a password file .htpasswd and put in a line of the form:
then in my .htaccess file I've added the following lines:
AuthName "Locked Area"
However, when I try and access the directory using the correct username/password it is rejected as invalid. (I've tried several different password encryption programs).
Thanks a lot,
02-05-2003, 05:16 PM
Try following this guide:
02-05-2003, 05:24 PM
Thanks , but I've already looked at that code guide and others. I think I have done it correctly (at least according to those guides I have), but there is something else that is causing it not to work, e.g. file permissions, or something in Apache that needs to be set. The files are all owned by the same user and all users have read permissions. I just wondered if there was something else that I should've set that isn't mentioned in the guides.
03-05-2003, 10:46 AM
there's a couple of syntactical errors in your post, maybe also in you file if you didnt copy and paste.
it should looks like this :
(a *working* example)
Authname "Secure Area"
AuthUserFile /abs path to file/.htpasswd
AuthGroupFile /dev/null /* this can be ommitted
<Limit GET POST>
look at the case of Authtype and you also dont have method for authentication
also both .htaccess & .htpasswd need to be in the directory you are protecting unless path specifies otherwise and CHMOD 644 both of them.
htaccess is a '*nix thing' not an 'apache thing' and if you are getting login errors its in your file that is the prob.
the above code is an exact copy of my file
(with some ommissions for groups and custom access and the like)
BTW i have a perl script that will generate both these files for you from the directory you wish to protect if that will help :D
hope this helps
03-05-2003, 11:02 AM
I think the problem was that the correct permissions were not set up in the apache conf files. Anyway, I ended up putting this entry into access.conf
AuthName "Secure Area"
#Path to file containing username/password for user validation
#This will allow access to any valid username/password combination found in the
And this worked ok. It's also apparently faster to do it this way as all the .htaccess files are not searched every time the directory is accessed.