Hello and welcome to our community! Is this your first visit?
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New Coder
    Join Date
    Dec 2008
    Thanked 0 Times in 0 Posts

    Question Can AuthUserFile in .htaccess use a relative path?

    I'm using .htaccess to password-protect some pages. The password file is specified with the AuthUserFile value, for example:

    AuthUserFile "/home/sites/myusername/httpdocs/.htpasswd"

    Now, by using this absolute path, the site cannot easily be moved to another account or even another server or hoster without changing stuff manually, because the above path won't be valid there. I'd have to manually inspect all .htaccess files in the entire site, and change the paths accordingly.

    Therefore, I'd prefer to use something like:

    AuthUserFile "../.htpasswd"


    AuthUserFile "%{DOCUMENT_ROOT}/.htpasswd"

    or whatever would be relative to my site's local folder. But I can't get this to work.

    Is this actually possible, or does .htaccess really ONLY allow absolute paths?

    (note: The %{DOCUMENT_ROOT} thing actually gives what I need in RewriteRule, can't that be used with AuthUserFile??)
    Last edited by Bram2; 12-04-2008 at 12:30 AM.

  2. #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Thanked 2,250 Times in 2,237 Posts
    AFAIK, it should be an absolute path. I can't find the info from the apache docs, though an .htaccess file is just an extension of your server's conf file. Thus we may need to follow the same rules here also.
    Quote Originally Posted by http://support.easystreet.com/hosting/unix/dynamic-config.htm#passwordprotect
    The AuthUserFile directive specifies the path to the password file. This must be specified as an absolute path -- if specified as a relative path, the web server will look in its root directory, which is not where your content resides.

  3. #3
    New Coder
    Join Date
    Dec 2008
    Thanked 0 Times in 0 Posts
    Well, the apache documentation says:

    Quote Originally Posted by Apache docs
    If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.
    But I'm not sure what 'ServerRoot' would be.

    Besides, if %{DOCUMENT_ROOT} would work like it does with mod_rewrite (in RewriteRule etc), that is an absolute path so that might have done the trick. Except it doesn't...?

  4. #4
    New to the CF scene
    Join Date
    Oct 2011
    Thanked 0 Times in 0 Posts
    Granted the thread is old, but the problem still floats around.

    For those who still have this issue of finding their AuthUserFile absolute path to their web space (because your web hosting site is unable to), you can make a simple php file and run it from your site to find the answer.

    Use notepad and make a file called myroot.php (or any filename with the .php extension)
    copy the following code into the file
    <title>Getting your AuthUserFile root location</title>
    echo “<h1>Your website root location is --> “;
    echo “ <--</h1>”;
    Remember to save, and then upload it to your webspace, and run it from a browser on your webspace and copy the path to somewhere safe (and then remember to get rid of the file when you are done using it so a hacker cannot find your AuthUserFile absolute path for your web space).

    It'll display the absolute path where your publically accessible webpages are kept, and more often your FTP can upload to one level up (which is a good spot for keeping password files, or making a folder from that level where the public cannot access, but since the AuthUserFile specifies an absolute path on the hard drive, you can choose a folder that you can only get to with an FTP application).

    I've had a few ISP that had no clue where the site hosting was being done, much less the absolute path for my webspace, so I setup a little page for people wanting to try using htaccess.


    It provides simple examples which can often be the best to get people started, especially taking the time to explain how and why.
    Last edited by ArthurG; 10-12-2011 at 07:29 PM.


Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts