htaccess doesn't work - always wrong password

testing picture testing · Apr 4, 2012 · Viewed 50.9k times · Source

I am trying to password protect a directory, and have two files in the directory which should password protected it:

  • .htaccess
  • .htpasswd

HTACCESS:

###Contents of .htaccess:
AuthUserFile /var/www/html/path/to/my/directory/.htpasswd
AuthName "Protected Files"
AuthType Basic
Require user admin

HTPASSWD:

###Contents of .htpasswd
admin:oxRHPuqwKiANY

The password is also admin, but no matter what password I try, it is always wrong. It immediately asks for the password again!

What is wrong with this configuration?

Answer

Mike picture Mike · Apr 5, 2012

This problem is almost always because apache cannot read the .htpasswd file. There are four causes that come to mind:

  1. it isn't parsing the path correctly... how did you create the .htaccess file? Does it have unix line endings (versus say using Notepad in Windows?

  2. is the path correct? What does the following command (with the path update) show? ls -l /var/www/html/path/to/my/directory/.htpasswd

  3. does the web server have access to the file? chmod 644 and see if that solves the problem.

  4. it can't parse the .htpasswd file: in this case, you are using the crypt() encryption so it does seem you created the file on Linux and it is probably fine. Some types of encryption only work on certain platforms, if in doubt try switching to MD5.

You may find helpful messages in the Apache error log.

My money is on #3.