0

I have created a .htaccess and .htpasswd files, and stored them in the folder I want to protect and when I navigated to that folder, I was asked for the username and passowrd (stored in the .htpasswd file) after entering the username and password, I got a 500 Internal server error. I have used the files on both localhost (windows) and on a web server (linux I guess) both gave the same result mentioned.

this is my .htaccess file:

<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user 
order deny,allow
sikas
  • 5,435
  • 28
  • 75
  • 120

2 Answers2

3

I doubt that your .htpasswd file is really located at the very root of the server's filesystem along with /bin, /usr, /home, and others (rather than inside the part of the filesystem served to web browsers).

According to Apache documentation (1, 2), AuthUserFile expects a file path (as if you were in ServerRoot, usually /usr/apache or similar, and trying to locate the file from the Unix shell). It cannot be a URL, either absolute or relative. Correct your .htpasswd file path accordingly.

Note that if possible, you shouldn't put the .htpasswd file inside a public_html or htdocs folder, because any configuration error could not only allow unauthorized access to the files you want to protect but also the authorized usernames and hashed passwords.

PleaseStand
  • 31,641
  • 6
  • 68
  • 95
  • OK, I`m now testing on localhost (Windows 7), should the AuthUserFile be C:/wamp/www/.htpasswd? – sikas Nov 15 '10 at 00:27
  • it worked with me after setting the AuthUserFile to C:/wamp/www/.htpasswd ... but when I uploaded the file after changing the path, it didn`t work. Note: I`m using x10hosting free service. – sikas Nov 15 '10 at 00:42
  • 1
    @sikas: Your web host supports PHP, right? Try uploading a PHP file that only contains ` – PleaseStand Nov 15 '10 at 00:50
  • I have done this, and I got this /home/sikas/public_html/ location to the file ... what should I do with this? – sikas Nov 15 '10 at 00:53
  • 2
    @sikas: Use `AuthUserFile /home/sikas/public_html/.htpasswd` if your .htpasswd file is at `http://mysubdomain/.htpasswd`, `AuthUserFile /home/sikas/public_html/secret-files/.htpasswd` if it is located at `http://mysubdomain/secret-files/.htpasswd` – PleaseStand Nov 15 '10 at 00:58
  • @idealmachine: I have be able to solve the problem, it seems that denying access to both .htaccess and .htpasswd from the .htaccess caused the problem! – sikas Nov 15 '10 at 00:59
1

Use an absolute hosting path, eg:

/home/content/14/5267714/html/.htpasswd
Nat Ritmeyer
  • 5,634
  • 8
  • 45
  • 58
SEO
  • 11
  • 1