0

I would like to use a .htaccess file to protect my symfony2 website while developing it.

I added the following line at the beginning of my .htaccess located in /web and a .htpasswd file just next with my password.

AuthName "Développement"
AuthType Basic
AuthUserFile ".htpasswd"
Require valid-user

I have a Error 500 when I try to access my website. Is it possible to use a htaccess in my case ? What should I use if it is not posible ?

Gauthier
  • 1,116
  • 2
  • 16
  • 39
  • 3
    First thing you shold always do when you get a 500 error is check your error log. Do that before posting on a forum, that way if the error message doesn't solve your problem you can at least include it in your post. – Paul Aug 18 '16 at 14:55
  • @Paulpro You are right, I don't have the reflex yet. In my case I don't have anything in the log file ... (I mean for that issue, last logs are from 4 hours ago) – Gauthier Aug 18 '16 at 15:09
  • 1
    Did you check the Apache log, or just Symfony's ? For an issue with `.ht` files I would expect there to be a message in the Apache log. – Paul Aug 18 '16 at 15:22

1 Answers1

1

Assuming the 500 error is caused by these directives, the most likely reason is the path to .htpasswd. AuthUserFile says

The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.

So either use an absolute path (e.g. /var/www/.htpasswd) or add the complete path starting from your document root (e.g. web/.htpasswd).

Also note the last section in AuthUserFile

Security
Make sure that the AuthUserFile is stored outside the document tree of the web-server. Do not put it in the directory that it protects. Otherwise, clients may be able to download the AuthUserFile.

This means, store the auth file somewhere else, like /etc/apache2/htpasswd.

Olaf Dietsche
  • 72,253
  • 8
  • 102
  • 198
  • You were right, moving the .htpasswd in a other directory with the absolute path in the .htaccess solved the problem – Gauthier Aug 19 '16 at 07:47