.htaccess headaches

Joined
Sep 4, 2009
Messages
11
Reaction score
0
Points
1
Location
London
Your Mac's Specs
iMac, iPhone, iPod
I posted a few days ago about password protecting directories within a site for clients to view work progress etc..... was recommended by a few people (here and elsewhere) to use .htaccess and .htpasswd files.

I've had endless trouble and after 4 solid days of banging my head into a brick wall, I'm wondering whether anyone here might be able to tell me what on earth I am doing wrong.

I have upgraded my hosting package to one that I am assured supports CGI scripting, and everyone at the helpdesk tells me there is no reason why this is not working.

When I try to open up the page a drop down box appears for username and password. So far, so good. I enter the details........ click ok, and I get diverted to a 500 internal server error message screen.

I am guessing that the problem could well be, that the .htaccess file possibly has the incorrect route to the .htpasswd file. Does that sound like the case? The server is obviously picking up the htaccess file but then loses it from the point where it needs to communicate with the password file?

I've been given three different options as to what the file path is by the host, but without truly knowing my stuff, it's very tough for me to tell them to double check things when I think they are giving me the wrong info. A couple of months ago, they upgraded their servers so all the info they were giving out was wrong. It took me 2 days to discover that!

Just for your info..... my .htaccess file reads:

AuthUserFile file/path/to/.htpasswd
AuthName "Secure Client Area"
AuthType Basic
require user MarkWallis

And the .htpasswd is simply

MarkWallis:encryptedpassword

I encrypted it on a recommended website...... any chance it's not encrypting it properly and that is what's causing the trouble?

Also, I have heard that there is a small piece of PHP scripting that I can create a file with, upload onto the server to find out what the true path is - anyone know how that works, because if I'm getting loads of different info, it might be down to me to find out for myself!

Thank you so much in advance.

All the best
Bex
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,745
Reaction score
2,071
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Your .htaccess looks good except for the require line. I've traditionally used "require valid-user" there and the .htpasswd file has the list of user:password combination that's acceptable.

You are probably on the right track thinking whether the path to .htpasswd is correct. If you have SSH access to your host, you can login and then go to the directory where you put .htaccess and type 'pwd' to grab the directory.

If that isn't possible, and you have access to PHP ony our webhost, you can create a simple file with the code "<? phpinfo(); ?>" and load that in your browser, you will get a bunch of information about PHP and also importantly the full directory where the PHP file is executing from. Compare this directory with where you think your .htpasswd is and confirm they match..

Regards
 
OP
B
Joined
Sep 4, 2009
Messages
11
Reaction score
0
Points
1
Location
London
Your Mac's Specs
iMac, iPhone, iPod
You're a hero! Whatever you've done seems to have changed something even if it's not still quite working yet. All that is now happening is that the username/ password box is coming up, I enter the info, and it comes strait back up again saying that the combo was incorrect and prompting me to re-enter. So it seems now to be communicating with .htpasswd but for some reason not liking what I enter???

I've tried a new username/ password combo to test I hadn't duffed that up, but it was the same again. I am wondering again if I was possibly using an unsuitable encryption site? Is that possible?

I am uploading the .htpasswd file in ASCII mode as I was recommended previously, and as prompted by my host I have changed the permissions of the CGI files and the directories they are contained within as their server doesn't execute the script for security reasons apparently. I am guessing I have done that correctly but again it's tricky to be sure as the help page was written before they changed their servers......

Thanks for the advice about the require line...... the only reason I had the specified user down is that there are some pages for some clients and others for others if you get my meaning.

In this scenario would the best option be to create a new .htpasswd file for each new section as well as an .htaccess file, maybe naming it slightly different each time like .htsecure? Of course that's once I've figured out how to get it working that is....!

;)

Many thanks again!
 
OP
B
Joined
Sep 4, 2009
Messages
11
Reaction score
0
Points
1
Location
London
Your Mac's Specs
iMac, iPhone, iPod
Also..... now I'm thinking about it..... I have trouble uploading the .htaccess files onto the server as my MAC doesn't let me save the file with the "." at the beginning... not without making it invisible anyway!!!

Could that be what's causing the problem. I save the file as htaccess.txt and then rename it to .htaccess once it's up...
 
OP
B
Joined
Sep 4, 2009
Messages
11
Reaction score
0
Points
1
Location
London
Your Mac's Specs
iMac, iPhone, iPod
Right - I am officially an idiot!

Thanks for the info Raz0rEdge - I've been tinkering about, and suddenly dawned on me what the problem was. I hadn't stopped to think that because I had copied and pasted in the encrypted password strait off the website that I got it from the text file automatically saved as an .rtf as opposed to at .txt.

Even though I was changing the name once it was uploaded, it seems it messed it up. As soon as I changed the file to a .txt and re did it - hey presto! Awesomely happy - so awesome in fact that I did two victory laps of the flat!

Thanks so much for your help, once again!

Now that I've done the first section, no doubt I'll need to upload all the other client's stuff in separate directories...... so with the require line being valid-user, I'm guessing I'll need to create different password files for each individual section???

All the best

:)
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
15,745
Reaction score
2,071
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
Now that you have the system working with 'require valid-user', you could probably switch back to requiring a specific user and see if it continues to work.

I would imagine that you want to segregate different client data in separate directories, each with their own combination of .htaccess/.htpasswd with the appropriate client names..

This is just RIPE for some package to do all of this..:)

Regards
 
OP
B
Joined
Sep 4, 2009
Messages
11
Reaction score
0
Points
1
Location
London
Your Mac's Specs
iMac, iPhone, iPod
This is just RIPE for some package to do all of this..:)

Regards

Yeah - couldn't agree more! There are loads of PC software gizmo's out there that do it all for you "with a few clicks" but sadly nothing mac as yet. Would make like so much easier.

Ironically now I've got it sorted I am asking what all the trouble was about, but I think if you have a site with loads of different password protected areas it would be a very efficient way of managing them.....

Wonder how long it will be till someone comes up with that? ;)

Thanks again.

Bexxy
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top