Solved

.htaccess password not working: Internal Server Error

Posted on 2014-07-30
15
839 Views
Last Modified: 2014-08-25
Hi,

I'm trying to use .htaccess password to protect my directory and it's sub directories.

I have this in my .htaccess file for the directory:
AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/htpass/.htpasswd 
AuthGroupFile /dev/null 
require valid-user

Open in new window


for my .htpasswd I have:
vkimura:qe723jsfyweFke

Open in new window


But when I go to the directory I get an "Internal Server Error".

When I delete the .htaccess file from the directory then it becomes a Forbidden error. So I'm assuming something is wrong with the .htaccess file.

How can I password protect my directory recursively using .htaccess?

Thank you and Father bless<><
0
Comment
Question by:Victor Kimura
  • 5
  • 3
  • 3
  • +3
15 Comments
 
LVL 14

Assisted Solution

by:Edwin Hoffer
Edwin Hoffer earned 50 total points
ID: 40228681
Update your .htaccess code to this:

AuthType Basic
AuthName "restricted area"
AuthUserFile /home/htpass/.htpasswd
require valid-user

Open in new window


And generate htaccess password from here:

http://www.htaccesstools.com/htpasswd-generator/

Also you can check these articles:

http://davidwalsh.name/password-protect-directory-using-htaccess

http://css-tricks.com/easily-password-protect-a-website-or-subdirectory/

Thanks
Edwin
0
 
LVL 13

Assisted Solution

by:duncanb7
duncanb7 earned 75 total points
ID: 40228698
Please put back the .htaccess file  to original place  that is setup by your server administrator.
Put  the code as follows into the .htaccess file at original location, for example .at public_html
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Open in new window

And make sure the .htpasswd  file is exactly at file path  , run this php script to check
your full path as follows code.
<?php
$dir = dirname(__FILE__);
echo "<p>Full path to this dir: " . $dir . "</p>";
$filename= $dir . "/.htpasswd";
if (file_exists($filename)) {
    echo "The file $filename exists";
echo "<p>Full path to a .htpasswd file in this dir: " . $dir . "/.htpasswd" . "</p>";
} else {
    echo "The file $filename does not exist";
}
?>

Open in new window

Hope understand your question completely.If not, pls pt it out
Duncan
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40229054
i tested that same code and it works fine for me; only changed the path to the password file
as a sanity check, does the account that apache runs as have access to the .htpasswd file or /home/htpass folder?
i took my file and changed ownership to something other than the account apache uses and it returned a 500; the error log showed permission denied, couldn't open password file

i would check the account used and the folder/file access for that account first
if that isn't an issue then the apache error log should show the reason for the server error
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 4

Accepted Solution

by:
kyanwan earned 250 total points
ID: 40229916
In your httpd.conf - make sure you:

AllowOverride AuthConfig

for the directory you're trying to activate Auth for.

[ The internal server error?  If you go to error.log, you might see a "not allowed here' somewhere in there for that access.  "AllowOverride  none" is a common configuration, as it offers heightened security.   If your override is not permitted, Apache will throw a server error when it picks up your attempt to request Auth via override if override is not enabled for the directory where you dropped the htaccess. ]
0
 

Author Comment

by:Victor Kimura
ID: 40230704
Hi duncanb7,

I don't wish to deny access at the public_html folder. Wouldn't that deny everyone from accessing the website with those commands?

---

Hi Seth Simmons,

Do you mean something like?
chown -R apache:apache /home/htpass/.htpasswd
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40230808
yeah...if the apache account is used for the process and doesn't have rights to access that folder
0
 
LVL 13

Expert Comment

by:duncanb7
ID: 40230859
there is no any user for  denying besides the directory you set auth right

.htaccess is always in root or hosting roots(public_html) directory as usual.

Just put the .htpasswd for the directory you want protect

Duncan
0
 

Author Comment

by:Victor Kimura
ID: 40233237
Hi duncanb7,

I don't think that's correct.

We're supposed to put the .htaccess (not the .htpasswd) in the directory that needs to be protected. You have it the other way around, friend.

AuthUserFile /home/htpass/.htpasswd

is the directive for where the .htpasswd should be placed which is outside the public folder. =)
0
 
LVL 29

Assisted Solution

by:serialband
serialband earned 125 total points
ID: 40233282
You put both .htpasswd and .htaccess in the directories you wish to protect.  You can put it in root or in any folder, assuming you set it in the configuration to allow users to do so.  Each directory can be protected with separate .htaccess and .htpasswd settings.  You can specify the location of the .htpasswd in .htaccess, and it's easiest if they're in the same folders for better clarity, so you don't have to dig around each .htaccess file to find them.
0
 

Author Comment

by:Victor Kimura
ID: 40233283
Hi Seth Simmons,

Ok, I got it to work for one moment and I saw the login Auth popup. I entered the info (maybe I typed something wrong) and then it's a Forbidden error. I changed the chown to:
chown -R nobody:nobody /home/htpass/.htpasswd

my httpd.conf is under nobody user. Is that ok?

Maybe I typed my pass or username wrong but I can't get access to the Authorization message/popup. How do I reset it?
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40233304
the 403 forbidden could be something different
maybe that user doesn't have access to that folder or there is no default page and document index is off
0
 
LVL 29

Expert Comment

by:serialband
ID: 40233324
If you've already entered a usernam/password, you'll have to clear it from the browser cache.  The easiest way is to restart your browser.
0
 

Author Comment

by:Victor Kimura
ID: 40233353
Ok, strange. The window Auth message popped up in IE.

AuthType Basic
AuthName "restricted area"
AuthUserFile /home/myultrat/public_html/l4/.htpasswd
require valid-user

Open in new window


I placed the .htpasswd in the same directory as .htaccess to see if it was a permissions issue.

This is in my .htpasswd:
vkimura:NLLCydYbWcTVg

Open in new window


It's encrypted. I generated the file from here:
http://www.tools.dynamicdrive.com/password/

The pass is 'test' without quotes. Nothing secure about the site. I'm just using it to block all search engine bots from accessing and crawling it. Just a Laravel proj test on the pub directory. (just fyi).

In IE the Auth message popped up and then I entered my credentials and then I can see the spinning wheel trying to access the page. I placed an index.html in that page as well. What could be wrong?

here's the url:
/home/myultrat/public_html/l4
0
 
LVL 29

Assisted Solution

by:serialband
serialband earned 125 total points
ID: 40246835
If you're just blocking search engine bots, you just need to place a robots.txt file in your web site root folder with the following entries.  Legitimate search bots will honor it.
User-agent: *
Disallow: /

Open in new window

Also, that password hash seems a bit short.  It may be an outdated hash algorithm.  Try this
vkimura:$apr1$IyzlLJLp$YpwvBPHzroszK4bx5ZQ.m0

Open in new window

I generated that with the linux command line htpasswd command, but you can go to this page and it will generate a more modern hash.
http://www.htaccesstools.com/htpasswd-generator-windows/
0
 

Author Closing Comment

by:Victor Kimura
ID: 40284824
Kyanwan was correct about the AllowOverride AuthConfig setting. Thank you all!
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SonarQube on Linux vs Windows 3 71
Linux Real Time Memory on Distinct 24 Cycle 7 42
sticky session 2 34
How to swap or extend CentOS partition 11 27
1. Introduction As many people are interested in Linux but not as many are interested or knowledgeable (enough) to install Linux on their system, here is a safe way to try out Linux on your existing (Windows) system. The idea is that you insta…
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question