View Full Version : .htaccess password protection problems

07-14-2004, 05:38 PM
1-Okay....I am attempting to use .htaccess to password protect a certain page on my website. I have both the .htaccess and .htpasswd files uploaded to the same directory, which also holds the test.html file I would like to protect. When I load the test.html page it does pull up the Password dialog box with the username already in place but when I type in the password and hit enter it just pops right back up at me. Does anyone know what I am doing wrong?

2-When doing some research on htaccess I found that for security issues you should not put these files in a directory but above the root directory...

"For security, you should not upload the htpasswd file to a directory that is web accessible (yoursite.com/.htpasswd), it should be placed above your www root directory...."

and also... "and the other is through an htaccess series of commands that prevents itself from being accessed by a browser."

How exactly do I put these above the root directory?


07-14-2004, 06:13 PM

With the facts that you have described, I have these assumtions:
1) your .htpasswd file is corrupted. Let me remind you: .htpasswd file has to have the form:


where <user> is username and <passwd> is encrypted password (for Apache for Unix/Linux with Crypt Algorithm, for Apache for Windows with MD5)

2) You do not have appropriate Require directive.
You should have one ofthe following in your .htaccess file:
Require user joe
Require group people
or simply:
Require valid-user


07-15-2004, 03:00 AM
you say you uploaded your .htpasswd , if you created it on win32 then it probably sill not work on *NIX server (as they use a different algorithm to encrypt) , even from 1 *NIX server to another can have the same issues where both are configured to use different encryption routines.

so create your .htpasswd using the .htpasswd program on your live machine , if you do not have shell access it may be possible to use PHP's exec() to pass the command

07-15-2004, 07:55 AM
Well thanks guys for your input! I'm still having trouble though. Here's what I have:

htpasswd file:

AuthUserFile /test/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user brent

Am I doing something wrong or is it what was mentioned above? If it is the above responses, how do I correct them?

"so create your .htpasswd using the .htpasswd program on your live machine , if you do not have shell access it may be possible to use PHP's exec() to pass the command"

How do I do this?

07-15-2004, 09:55 AM
AuthUserFile /test/.htpasswd

Is this the full path to your test directory? Because it has to be the full path from the root of the partition, not relativelly from the root of your web site.

As for the propper encryption, it would help if you would tell which OS and web server you are using.


07-16-2004, 06:50 AM

AuthUserFile /test/.htpasswd---->This is from www.boughtataprice.com/test/.htpasswd

What is the root of the partition mean?

I am using WinXP on my laptop if that is what you mean. As for the server...I'm honestly not sure what's being run on it. When I get an error page it says "Apache/2.0.40 (Red Hat Linux)" at the bottom. I have hosting through www.websytz.com.


07-20-2004, 05:20 PM
hm, that is what is actually wrong
/test/.htpasswd is not valid path to your .htpasswd file. You should state the full path to your .htpasswd file.
This means that you would have to ask your web hosting provider to tell you the full path to your web site's home dir. When they give it to you you will append the /test/.htpasswd to that, so you will have for example:

AuthUserFile /home/sites/yourwebsite.com/wwwroot/test/.htpasswd

Everything above is valid only in case that your web site is hosted on linux/unix Apache server.

On your laptop, you can not use .htaccess if you do not have Apache installed. If you want to use .htaccess with IIS, you will need IISPassword (http://www.troxo.com/products/iispassword/).


07-21-2004, 07:18 PM
Thanks for your response. I have made several attempts to fix this but was still unsuccessful. While in SmartFTP uploading I noticed the following directory structure:


I've tried:
AuthUserFile /www/httpdocs/test
AuthUserFile /www/boughtataprice.com/httpdocs/test
AuthUserFile /httpdocs/test
AuthUserFile /boughtataprice.com/httpdocs/test

None of these have worked. Do you think that my root directory is still not correct?


07-27-2004, 03:29 PM
Just bumping this to the top!