htaccess problem

unwashed potato! · 1 Sep 2010 at 22:08

i'm trying to protect a directory by adding htaccess username and password verification.

i uploaded and it asked for username/password so thought i'd test by trying wrong details. i then got a 500 internal error and that's all i get now which is a pain as i'd like to try again.

any thing i'm doing wrong?

this is what i have...

.htaccess file

Code:

AuthType Basic
AuthName "This is a protected area"
AuthUserFile /home/xyz/public_html/php/upload
Require valid-user

.htpasswd file

Code:

admin:OdfRyggFdf2Z/gI

Redgie · 1 Sep 2010 at 22:13

I don't know if I'm mis-understanding how htaccess works but, wheres the username file?

unwashed potato! · 1 Sep 2010 at 22:27

username is before the : so admin in this case.

Pho · 2 Sep 2010 at 11:45

Can you view what the error is in the log file? If you have cpanel I think there's an option to view it.

Alternatively you could try this.

unwashed potato! · 2 Sep 2010 at 20:35

error log.

[Thu Sep 02 20:34:13 2010] [error] [client 86.16.135.182] File does not exist: /home/xyz/public_html/500.shtml
[Thu Sep 02 20:34:13 2010] [error] [client 86.16.135.182] (9)Bad file descriptor: Could not open password file: /home/xyz/public_html/php/upload
[Thu Sep 02 20:34:13 2010] [error] Access to file /home/xyz/public_html/php/upload denied by server: not a regular file

htpasswd generator is what i used

Pho · 2 Sep 2010 at 21:02

The AuthUserFile should point to the path of the .htpasswd file, so if you placed it in public_html/php/upload you would use:

PHP:

AuthType Basic
AuthName "This is a protected area"
AuthUserFile /home/xyz/public_html/php/upload/.htpasswd
Require valid-user

Are you changing /home/xyz to the actual path of your account on the server?

unwashed potato! · 2 Sep 2010 at 23:23

Pho said:
The AuthUserFile should point to the path of the .htpasswd file, so if you placed it in public_html/php/upload you would use:

PHP:

AuthType Basic AuthName "This is a protected area" AuthUserFile /home/xyz/public_html/php/upload/.htpasswd Require valid-user

Are you changing /home/xyz to the actual path of your account on the server?

the only part i'm changing is the xyz part, /home is there as it should be, or am i wrong?

what weird is whilst the htaccess file is there when i'm in folder php i can't see php folder, although i can access it by manually adding it to the url, but then when i remove the htaccess file i can now find the folder again and view it fine. if i then re-add the htaccess file and refresh i can continue accessing the folder and viewing it from php with no attempt of logging

Pho · 2 Sep 2010 at 23:37

Did you change it like I posted above, where it links to .htpasswd too?

What does it say in the error log if you do that?

unwashed potato! · 2 Sep 2010 at 23:53

maybe it's letting me in now for some reason not sure but i think adding .htpasswd has helped.

i don't get asked anything now, though i did once today about 3 hours ago and i entered the correct info but it then showed same error after, but in the latest error logs there is

[Thu Sep 02 23:50:48 2010] [error] [client 86.16.135.182] client denied by server configuration: /home/xyz/public_html/php/upload/.htpasswd, referer: http://www.mysite.co.uk/php/
[Thu Sep 02 23:50:48 2010] [error] [client 86.16.135.182] client denied by server configuration: /home/xyz/public_html/php/upload/.htaccess, referer: http://www.mysite.co.uk/php/

Pho · 3 Sep 2010 at 15:02

Maybe I'm missing which folder you want to protect. If you want to product the root of the PHP folder then move the .htaccess and .htpasswd there (which I assume are currently in the upload folder) and then modify the .htaccess' AuthUserFile to:

AuthUserFile /home/xyz/public_html/php/.htpasswd

unwashed potato! · 3 Sep 2010 at 17:38

i want to protect the upload folder as files will be uploaded there for a short amount of time so just o be safe i don't want anyone other then me to have access to them.

Pho · 3 Sep 2010 at 18:07

Ah ok. Well, assuming it's the same site as the one in your sig I get a password prompt when I try and access the upload folder - and filling in random data doesn't let me in, so it all appears to be fine?

unwashed potato! · 3 Sep 2010 at 18:09

hmm maybe it's working now but i am let in every time i try to access it but then as i said i did try putting in correct details yesterday when it finally did ask me to login. i think adding the .htpasswd as you suggested perhaps did it.

Pho · 3 Sep 2010 at 18:23

It won't prompt you every time, your browser will remember those details for so long and let you back in.

Try it on a different browser and try clearing your cookies in-between login attempts and it should ask you again.