problem protecting a directory using .htaccess
문제
I have created a .htaccess and .htpasswd files, and stored them in the folder I want to protect and when I navigated to that folder, I was asked for the username and passowrd (stored in the .htpasswd file) after entering the username and password, I got a 500 Internal server error. I have used the files on both localhost (windows) and on a web server (linux I guess) both gave the same result mentioned.
this is my .htaccess file:
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
AuthUserFile /.htpasswd
AuthGroupFile /dev/null
AuthName "Please enter your ID and password"
AuthType Basic
require valid-user
order deny,allow
해결책
I doubt that your .htpasswd
file is really located at the very root of the server's filesystem along with /bin
, /usr
, /home
, and others (rather than inside the part of the filesystem served to web browsers).
According to Apache documentation (1, 2), AuthUserFile
expects a file path (as if you were in ServerRoot, usually /usr/apache
or similar, and trying to locate the file from the Unix shell). It cannot be a URL, either absolute or relative. Correct your .htpasswd
file path accordingly.
Note that if possible, you shouldn't put the .htpasswd
file inside a public_html
or htdocs
folder, because any configuration error could not only allow unauthorized access to the files you want to protect but also the authorized usernames and hashed passwords.
다른 팁
Use an absolute hosting path, eg:
/home/content/14/5267714/html/.htpasswd