unable to password protect a directory

[smetric]

I have been trying to password protect a directory using .htaccess and .htpasswd files, but keep receiving server configuration errors. My .htaccess file looks like this:

-----------------------------------------
AuthUserFile /nfs/WWW_pages/<user-name>/<domain-name>/.htpasswd
AuthGroupFile /dev/null
AuthName Secure
AuthType Basic
<limit GET>
require valid-user
</limit>
------------------------------------------'

I've placed a .htpasswd file in the root directory of my web file access. I've tried several variations of the AUthUserFile path. Any suggestions would be appreciated. Thanks.

Mark

[speakman]

My .htaccess for the same purpose in
/home/WWW_pages/<username>/<sub-directory>/has:

AuthType Basic
AuthName "blah blah blah"
AuthUserFile /home/WWW_pages/<username>/<sub-directory>/.htpasswd
Require valid-user

and it works for me.

If you have a .htaccess file for your <username>.member.sonic.net site located
in your /home/WWW_pages/<username>/ directory itself, you might want to
move it aside and try the password again; in my experience, the .htaccess file
in the upper directory gets parsed before the one in the sub-directory in spite
of your domain being rooted at /home/WWW_pages/<username>/<sub-directory>/

YMMV,
Tony S

[smetric]

Thanks for the reply. I tried your suggested .htaccess content with my username info and it still didn’t work.

When I ftp into my account, I get defaulted to the directory /home/s/smetric (my username is smetric). In smetric, there is a sub-directory named public_html. When I go to public_html, it links me to /nfs/WWW_pages/smetric. In here is a subdirectory solmetric.net, which is the root of my web site. In my .httaccess file I’ve tried setting AuthUserFile to /nfs/WWW_pages/smetric/solmetric.net/.htpasswd, and placing the .htpasswd file there. I can’t seem to find anything that will work.

Thanks,
Mark

[kgc]

Mark - just try this and put the .htpasswd file in the same directory as the .htaccess file

Code: Select all

AuthUserFile .htpasswd
AuthName Secure
AuthType Basic
require valid-user

Note that if you are going to use a <limit></limit> stanza that you most likely want to list _all_ methods. In your example you only limit GET requests, but POST requests would not be limited. That is probably not the desired results. http://httpd.apache.org/docs/2.2/mod/core.html#limit

[smetric]

Thanks for the suggestion. I just tried it and it still is giving me an "Internal Server Error" when I attempt to access the resource.
Mark

[kgc]

Mark, there is a garbage (unprintable) character in front of the line 'AuthUserFile' -- your editor may not be displaying it at all. Try deleting the first line and then typing it in again.

[smetric]

Getting rid of the garbage character is a step in the right direction, thanks. Now I get prompted for a username and password instead of getting the internal server error. However it is not recognizing the user name and password I put in. I created the .htpasswd file contents with the sonic .htaccess password tool.
Mark

[kgc]

Mark, looks like I gave you bad advice the first time around. Apache does need the full path to the .htpasswd file and not just the relative path. I've edited the file in place.

[slapout]

I'm having the identical problem. I used to Sonic.net tool to create the .htaccess and .htpasswd files, and I'm get the Malformed Header message. It worked for me a few months ago when I tried it, but this morning it failed.

[kgc]

Can you clarify what tool was used to create an .htaccess file? Did you try opening the .htacess file in a text editor to make sure that it was properly formatted?