0

I have a need to password protect an entire website. I am developing on a live URL (don't ask me why -_- clients...) and I want to be able to develop the site but access it using a username and password so the general public won't be able to see the site being modified.

I've tried to use a .htaccess and .htpasswd file in the same directory.

Here are the contents of it 

AuthUserFile /htdocs/.htpasswd
AuthGroupFile /dev/null
AuthName "Development space"
AuthType Basic
Require development

and the .htpasswd file contains the user development:encryptedpassword

It doesn't appear to be working at all. The password box is generated but just carries on coming back up once I enter the credentials (I have confirmed they are correct).

Can anyone tell me where I'm going wrong?

Please note both the htpasswrd and htaccess files are currently within the htdocs directory

htdocs file permissions are drwxr-xr-x

phynam
  • 467
  • 2
  • 12
  • 1
    How did you create `htpasswd` file? – anubhava Jun 10 '14 at 14:15
  • I used http://www.tools.dynamicdrive.com/password/ and just used the `touch` command to create the `.htpasswd` file and entered the generated credentials. – phynam Jun 10 '14 at 14:19

1 Answers1

4

Your Require line is wrong. It should be:

Require user development
        ^^^^--missing

Require can require many different things (env vars, http methods, groups, blah blah blah), so you have to say WHAT kind of thing you're requiring. You might be better off with just

Require valid-user

unless you're going to have multiple accounts in your .htpasswd and want to allow only certain ones.

Marc B
  • 356,200
  • 43
  • 426
  • 500
  • I've changed it to `Require user development` but no success. I have edited my question and don't know if any of that extra info helps? – phynam Jun 10 '14 at 14:29
  • Check the server's error log. it'll say why the password was rejected. As well, how did you crypt the password? You say you manually created the file, which doesn't sound good. why not use the command line `htpasswd` utility to do it for you? that way you're guaranteed to get correct info in the file. – Marc B Jun 10 '14 at 14:32
  • The site is currently on an `ftp` server so I can't use `ssh` commands via the terminal. – phynam Jun 10 '14 at 14:45
  • if all you've got is ftp access, you'd need to stuff up a php script to dump out the log for you, or download the log file itself. No idea on your server's config, but generally it'd be something like `/var/log/httpd/error_log` – Marc B Jun 10 '14 at 15:29
  • I had the same problem. I was using `Require myUsername` and changing it to `Require valid-user` fixed it. Many thanks! – decebal Feb 15 '18 at 07:41