Apache Web Server users sometimes have problems getting Apache Authentication/password-protection in htaccess working, this is a troubleshooting guide to get Password Protection working!
- Troubleshooting Apache .htaccess Authentication
- Apache htaccess Authentication Glossary
Add this to your httpd.conf (if on non-windows) but I would imagine that these are already loaded.
LoadModule access_module lib/modules/mod_access.so LoadModule auth_module lib/modules/mod_auth.so LoadModule auth_anon_module lib/modules/mod_auth_anon.so LoadModule auth_dbm_module lib/modules/mod_auth_dbm.so LoadModule auth_digest_module lib/modules/mod_auth_digest.so
Add a .htaccess file in the directory you want to protect with the following code.
AuthType Basic AuthName "Restricted Files" AuthUserFile /path/to/htpwd/.htpasswd Require valid-user
chmod your .htpasswd files 640, .htaccess files 644 chmod php files 600, chmod files that you really dont want people to see as 400 (wp-config.php) and NEVER chmod 777, if something requires write access use 766 or 775
CHMOD your .htaccess file 644 which translates to rw-r-r
chmod your .htpasswd file 640 (rw-r--)
$ chmod 644 .htaccess $ chmod 640 .htpasswd
If you are on linux/bsd then goto a shell and cd into the directory that the .htaccess/.htpasswd file is located in and type the following commands to get rid of any windows formatting, which is oftentimes the problem.
$ dos2unix -dv .htaccess $ dos2unix -dv .htpasswd
Make sure that in your httpd.conf file in the
<directory> code for your docroot or public_html directory you see at least the following after the AllowOverride directive:
Once you see a password prompt then you can use this online htpasswd generator for your .htpasswd file.
- Access Control
- The restriction of access to network realms. In an Apache context usually the restriction of access to certain URLs. See: Authentication, Authorization, and Access Control
- The positive identification of a network entity such as a server, a client, or a user. See: Authentication, Authorization, and Access Control
- A data record used for authenticating network entities such as a server or a client. A certificate contains X.509 information pieces about its owner (called the subject) and the signing -> Certification Authority (called the issuer), plus the owner's -> public key and the signature made by the CA. Network entities verify these signatures using CA certificates. See: SSL/TLS Encryption
- An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc. See: SSL/TLS Encryption
- The result after -> Plaintext is passed through a -> Cipher. See: SSL/TLS Encryption
- Configuration Directive
- See: -> Directive
- Configuration File
- A text file containing -> Directives that control the configuration of Apache. See: Configuration Files
- An area in the -> configuration files where certain types of -> directives are allowed. See: Terms Used to Describe Apache Directives
- A configuration command that controls one or more aspects of Apache's behavior. Directives are placed in the -> Configuration File See: Directive Index
- Dynamic Shared Object (DSO)
- -> Modules compiled separately from the Apache
<a href="/aa/docs/2.0/programs/httpd.html">httpd</a>binary that can be loaded on-demand. See: Dynamic Shared Object Support
- A mathematical one-way, irreversable algorithm generating a string with fixed-length from another string of any length. Different input strings will usually produce different hashes (depending on the hash function).
- A -> configuration file that is placed inside the web tree and applies configuration -> directives to the directory where it is placed and all sub-directories. Despite its name, this file can hold almost any type of directive, not just access-control directives. See: Configuration Files
- The main Apache -> configuration file. The default location is
/usr/local/apache2/conf/httpd.conf, but it may be moved using run-time or compile-time configuration. See: Configuration Files
- In the context of -> HTTP, an action to perform on a resource, specified on the request line by the client. Some of the methods available in HTTP are
- Message Digest
- A hash of a message, which can be used to verify that the contents of the message have not been altered in transit. See: SSL/TLS Encryption
- An independent part of a program. Much of Apache's functionality is contained in modules that you can choose to include or exclude. Modules that are compiled into the Apache
<a href="/aa/docs/2.0/programs/httpd.html">httpd</a>binary are called static modules, while modules that are stored separately and can be optionally loaded at run-time are called dynamic modules or -> DSOs. Modules that are included by default are called base modules. Many modules are available for Apache that are not distributed as part of the Apache HTTP Server -> tarball. These are referred to as third-party modules. See: Module Index
- Pass Phrase
- The word or phrase that protects private key files. It prevents unauthorized users from encrypting them. Usually it's just the secret encryption/decryption key used for -> Ciphers. See: SSL/TLS Encryption
- The unencrypted text.
- An intermediate server that sits between the client and the origin server. It accepts requests from clients, transmits those requests on to the origin server, and then returns the response from the origin server to the client. If several clients request the same content, the proxy can deliver that content from its cache, rather than requesting it from the origin server each time, thereby reducing response time. See: mod_proxy
- Secure Sockets Layer (SSL)
- A protocol created by Netscape Communications Corporation for general communication authentication and encryption over TCP/IP networks. The most popular usage is HTTPS, i.e. the HyperText Transfer Protocol (HTTP) over SSL. See: SSL/TLS Encryption
- Symmetric Cryptography
- The study and application of Ciphers that use a single secret key for both encryption and decryption operations. See: SSL/TLS Encryption
- Transport Layer Security (TLS)
- The successor protocol to SSL, created by the Internet Engineering Task Force (IETF) for general communication authentication and encryption over TCP/IP networks. TLS version 1 and is nearly identical with SSL version 3. See: SSL/TLS Encryption
- Uniform Resource Locator (URL)
- The name/address of a resource on the Internet. This is the common informal term for what is formally called a -> Uniform Resource Identifier. URLs are usually made up of a scheme, like
https, a hostname, and a path. A URL for this page is
- Uniform Resource Identifier (URI)
- A compact string of characters for identifying an abstract or physical resource. It is formally defined by RFC 2396. URIs used on the world-wide web are commonly referred to as -> URLs.
- A program that establishes connections for the purpose of sending requests.
- user agent
- The client which initiates a request. These are often browsers, editors, spiders (web-traversing robots), or other end user tools.
- An application program that accepts connections in order to service requests by sending back responses. Any given program may be capable of being both a client and a server; our use of these terms refers only to the role being performed by the program for a particular connection, rather than to the program's capabilities in general. Likewise, any server may act as an origin server, proxy, gateway, or tunnel, switching behavior based on the nature of each request.