Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 0 down vote favorite
1

I have created a .htaccess and .htpasswd files, and stored them in the folder I want to protect and when I navigated to that folder, I was asked for the username and passowrd (stored in the .htpasswd file) after entering the username and password, I got a 500 Internal server error. I have used the files on both localhost (windows) and on a web server (linux I guess) both gave the same result mentioned.

this is my .htaccess file:

<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user 
order deny,allow
share|improve this question
 
Could give us the error-message from your Apache-Logs? –  pex Nov 15 '10 at 0:17
 
@pex: Where can I find the error log?? –  sikas Nov 15 '10 at 0:29

2 Answers

up vote 1 down vote accepted

I doubt that your .htpasswd file is really located at the very root of the server's filesystem along with /bin, /usr, /home, and others (rather than inside the part of the filesystem served to web browsers).

According to Apache documentation (1, 2), AuthUserFile expects a file path (as if you were in ServerRoot, usually /usr/apache or similar, and trying to locate the file from the Unix shell). It cannot be a URL, either absolute or relative. Correct your .htpasswd file path accordingly.

Note that if possible, you shouldn't put the .htpasswd file inside a public_html or htdocs folder, because any configuration error could not only allow unauthorized access to the files you want to protect but also the authorized usernames and hashed passwords.

share|improve this answer
 
OK, I`m now testing on localhost (Windows 7), should the AuthUserFile be C:/wamp/www/.htpasswd? –  sikas Nov 15 '10 at 0:27
 
it worked with me after setting the AuthUserFile to C:/wamp/www/.htpasswd ... but when I uploaded the file after changing the path, it didn`t work. Note: I`m using x10hosting free service. –  sikas Nov 15 '10 at 0:42
 
@sikas: Your web host supports PHP, right? Try uploading a PHP file that only contains <?php phpinfo(); and see what the SCRIPT_FILENAME is. That should help you determine where your web site is on the server. –  PleaseStand Nov 15 '10 at 0:50
 
I have done this, and I got this /home/sikas/public_html/ location to the file ... what should I do with this? –  sikas Nov 15 '10 at 0:53
1  
@sikas: Use AuthUserFile /home/sikas/public_html/.htpasswd if your .htpasswd file is at http://mysubdomain/.htpasswd, AuthUserFile /home/sikas/public_html/secret-files/.htpasswd if it is located at http://mysubdomain/secret-files/.htpasswd –  PleaseStand Nov 15 '10 at 0:58
show 1 more comment
up vote 1 down vote

Use an absolute hosting path, eg:

/home/content/14/5267714/html/.htpasswd
share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.