Tell me more ×
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free, no registration required.
up vote 3 down vote favorite

hoping someone might be able to help figure out the problem here! I've been googling for over 2 hours and nothing I try is working...

I want to password protect my website, but as soon as I add in the .htpasswd and .htaccess files I get a server error:

Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log.

Here is the code I'm using:

.htaccess

AuthType Basic  
AuthName "Top Secret for SongKick eyes only."  
AuthUserFile /webroot/.htpasswd  
require valid-user

.htpasswd

songkick:isS1rCTQE/p8E

I've also tried AuthUserFile /.htpasswd (ie. without "webroot", which is the name of the folder it appears to be in in File Manager) but this doesn't work either.

I'm using GoDaddy hosting btw, if that makes a difference.

Any help is much appreciated - I'm not a developer so don't understand a lot of the terms used in many of the help articles!

share|improve this question
 
It should show detailed error report in apache log file, check it first. –  aram90 Mar 18 at 11:59

2 Answers

up vote 9 down vote

You must supply the complete path to your password file, not the relative path from DocumentRoot.

If DocumentRoot is /var/www and the password file is /var/www/webroot/.htpasswd, you must say 

AuthUserFile /var/www/webroot/.htpasswd

in your .htaccess file.

Said that, you shouldn't put your password file anywhere accessible in your DocumentRoot. Better put it in some place not accessible from the web, i.e. /etc/apache2/htpasswd or wherever it suits you.

share|improve this answer
2  
This worked for me. –  cmann Aug 7 at 23:00
up vote 2 down vote

Two things come to mind.

  1. Is .htpasswd readable by the web server user?

  2. Do you know if Apache is set with AllowOverride all to allow .htaccess to operate as intended?

share|improve this answer
 
Hey Jake, agh I don't actually know what either of those things mean. What steps would I take to find those out? –  Leanne Beesley Mar 18 at 12:22

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.