.htpasswd and .htaccess - internal server error
I want to password protect my website, but as soon as I add in the .htpasswd and .htaccess files I get a server error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Here is the code I'm using:
.htaccess
AuthType Basic
AuthName "Top Secret for SongKick eyes only."
AuthUserFile /webroot/.htpasswd
require valid-user
.htpasswd
songkick:isS1rCTQE/p8E
I've also tried AuthUserFile /.htpasswd (ie. without "webroot", which is the name of the folder it appears to be in File Manager) but this doesn't work either.
I'm using GoDaddy hosting by the way, if that makes a difference.
Answer
According to AuthUserFile, you must supply the complete path to your password file, not the relative path from DocumentRoot, if it is absolute (i.e. starting with a slash).
The AuthUserFile directive sets the name of a textual file containing the list of users and passwords for user authentication. File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.
Note that ServerRoot is not DocumentRoot.
If DocumentRoot is /var/www and the password file is /var/www/webroot/.htpasswd, you must say
AuthUserFile /var/www/webroot/.htpasswd
in your .htaccess file.
You can find out about the absolute path with a small PHP script, e.g.
<?php
echo "Absolute path: ", getcwd();
Put this in the directory, where you want to locate the .htpasswd file, and call it with http://www.example.com/path/to/test.php
Don't forget to remove the script, when you're done.
Said that, you shouldn't put your password file anywhere accessible in your DocumentRoot. Better put it in some place not accessible from the web, i.e. /etc/apache2/htpasswd or wherever it suits you.