Menu
I'm working on blocking a folder with .htaccess, which I've never used before, and I'm having some trouble. Here's what I have
.htaccess (located in the folder I want blocked):
AuthName "Username and password required"
AuthUserFile /.htpasswd
Require valid-user
AuthType Basic
.htpasswd (located at root, password is encrypted in actual file):
tim:blah
I'm getting 500 Internal Server errors with this and I can't figure out why.
974
htpasswd file is typically used when protecting a file, folder, or entire website with a password using HTTP authentication and implemented using rules within the . htaccess file. User credentials are stored on separate lines, with each line containing a username and password separated by a colon (:).
Most likely problem is this line:
AuthUserFile /.htpasswd
This line should provide full filesystem path to the password file e.g.
AuthUserFile /var/www/.htpasswd
To discover your filesystem path, you can create a PHP document containing
echo $_SERVER['DOCUMENT_ROOT'];
188
If nothing helped and you're using PHP you can make it work by putting this in your index.php (on top):
if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
if ($_SERVER['PHP_AUTH_USER'] != 'user' ||
$_SERVER['PHP_AUTH_PW'] != 'pass') {
header('WWW-Authenticate: Basic realm="Protected area"');
header('HTTP/1.0 401 Unauthorized');
die('Login failed!');
}
}
Permissions can cause this issue too.
Make sure .htpasswd is readable by the web server user.
For instance, if you use nginx check the nginx.conf to find out what the server user is, if you use Apache you can find it out this way, etc.
Then set the right owners and read permissions to .htpasswd
26
If you see 500 Internal Server error these days - it's mostly due to the fact that in newer Apache versions the path in AuthUserFile has to be put inside quotation marks.
AuthUserFile "/var/www/somewhere/.htpasswd"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
