problem protecting a directory using .htaccess
سؤال
I have created a .htaccess and .htpasswd files, and stored them in the folder I want to protect and when I navigated to that folder, I was asked for the username and passowrd (stored in the .htpasswd file) after entering the username and password, I got a 500 Internal server error. I have used the files on both localhost (windows) and on a web server (linux I guess) both gave the same result mentioned.
this is my .htaccess file:
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user
order deny,allow
المحلول
I doubt that your .htpasswd
file is really located at the very root of the server's filesystem along with /bin
, /usr
, /home
, and others (rather than inside the part of the filesystem served to web browsers).
According to Apache documentation (1, 2), AuthUserFile
expects a file path (as if you were in ServerRoot, usually /usr/apache
or similar, and trying to locate the file from the Unix shell). It cannot be a URL, either absolute or relative. Correct your .htpasswd
file path accordingly.
Note that if possible, you shouldn't put the .htpasswd
file inside a public_html
or htdocs
folder, because any configuration error could not only allow unauthorized access to the files you want to protect but also the authorized usernames and hashed passwords.
نصائح أخرى
Use an absolute hosting path, eg:
/home/content/14/5267714/html/.htpasswd