Avatar of CompuTurk
CompuTurk asked on

.htaccess is requiring two logins

I am simply trying to secure a folder and its contents with a username and password using .htaccess
In the folder 'secureFolder' I have placed .htaccess with the contents below:

//This is what gets prompted
AuthName "Restricted Area"

// I am not sure what this means.
AuthType Basic

// Server path to the .htpasswd file
AuthUserFile /home/httpd/vhosts/....../secureFolder/.htpasswd

// I am not sure what this means.
AuthGroupFile /dev/null

// I am not sure what this means either
require valid-user

My .htpasswd contants secureUsername:encryptedPassword

When I go to http://www.mydomain.com/secureFolder  I get prompted by "Restricted Area"
I type in my username and password and it takes me to a blank page, but I can read the page title and it also prompts me for " " this time.  I try using the same username and password and it does not work.

The folder contains 2 swf files and an html file.

I am confused as to what I am doing wrong.

Any help would greatly be appreciated!
OS SecurityLinux SecurityApache Web Server

Avatar of undefined
Last Comment

8/22/2022 - Mon

First of all you should move the .htpasswd out of the secureFolder folder - it should not be visible from the web.

Did you also try a direct link to your html  http://www.mydomain.com/secureFolder/test.html

AuthType Basic
Do a HTTP authentication

AuthGroupFile /dev/null
Do not use groups for authentication (empty file)

require valid-user
this requires that a valid user must log in to view the contents. It could also be:
require user <your username in .htpasswd>


Remove the:
AuthGroupFile /dev/null
line and try it out.  You dont need that because your validation is by user, not group.

If that doesn't work, Do you have any other "restricted areas" in the same apache server?  Only one?  i.e. do you have any other htaccess files that have "AuthType" in them?
If you have more than one, check to make sure that none of your images/other files used in your html file are not in those other restricted areas.  Try disabling those other restricted areas.

Don't forget to apply the changes between each of the trials above by restarting apache gracefully.

Removing the AuthGroupFile did not work.  I had setup another secure folder through Plesk control panel.  That works fine, but per browser basis.  I would like to be able to allow as many connections as possible.

Where should I store the .htpasswd file?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck

I do not understand what you mean by "per browser basis".  Also, what relationship does allowing many connections have with this problem..?  Sorry, I could be missing your point.  Please try and remove the other protected directory to see if it is causing your problem..

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Please have a look at the procudure in:

Thank you.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.