Protect a file with .htaccess and .htpasswd

Question

I'm having some troubles configuring the .htaccess file to protect the access of a file. The file to protect is: www.mydomain.com/admin/stats.php

I put the .htaccess file into the www.mydomain.com/admin folder with the following code:

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /
<Files stats.php>
require valid-user
</Files>

The file .htpasswd is into the www.mydomain.com/admin folder too and it contains the username and the password.

If I try to access to www.mydomain.com/admin/stats.php I get an "Internal Server Error". I think that the mistake can be into the path of "AuthUserFile" but how can I tell the file that the file to protect is in the same folder of the .htpasswd?

The server is Linux based.

The first thing you should *always* do when you see an Apache error is look at the Apache error log. It will have more information than what was publicly shown on the error page. — Gareth, Jul 01 '12 at 17:33

score 1 · Answer 1 · answered Jul 01 '12 at 16:58

1

I think you need to put complete path to htpasswd file: Ie.

AuthUserFile /home/-user-/-site-/.htpasswd

answered Jul 01 '12 at 16:58

Bjørne Malmanger

1,457
10
11

thanks but what I need to write instead of "user"and "site" field? I have 2 users (and 2 password). – Nicolaesse Jul 01 '12 at 18:02
This is just a full path to your .htpasswd file. I run on a hosted system where I put my .htpasswd file in my home folder – Bjørne Malmanger Jul 01 '12 at 18:15
You can use the phpinfo(); function in PHP to find your filesystem path: – Bjørne Malmanger Jul 01 '12 at 18:20

score 1 · Accepted Answer · answered Sep 24 '17 at 10:54

hello you can try this below :

this is a path.php file who will display the realpath of his parent folder

<?php 

     echo realpath('path.php'); 

?>

in your .htpasswd you need to have something like this :

username:password

but the password need to be encrypt, you can do it with

<?php 

echo crypt('your_password'); 

?>

and finally this is the .htaccess file

<Files page_to_protect.php>
AuthName "Message" 
AuthUserFile \realpath_to_htpasswd\.htpasswd 
AuthType Basic
require valid-user
</Files>

Josef Pfleger · Answer 3 · 2012-07-01T17:07:32.640

0

From the Apache documentation:

File-path is the path to the group file. If it is not absolute, it is treated as relative to the ServerRoot.

That means you either specify the full (absolute) path to the .htpasswd file or one relative to whatever your ServerRoot is. Example:

AuthUserFile /www/passwords/.htpasswd

edited Jul 01 '12 at 17:07

answered Jul 01 '12 at 16:59

Josef Pfleger

74,165
16
97
99

1

note that you need to specify the full path to the file, which means *including the file name*. – eis Jul 01 '12 at 17:05
I change the code with this AuthUserFile /www/.htpasswd but still doesn't work. My problem is that the .htaccess, .htpasswrd and the stats.php are into the same folder so what relative path should I write? – Nicolaesse Jul 01 '12 at 18:01

Protect a file with .htaccess and .htpasswd

3 Answers3

Linked