Solved

.htaccess password not working: Internal Server Error

Posted on 2014-07-30
15
770 Views
Last Modified: 2014-08-25
Hi,

I'm trying to use .htaccess password to protect my directory and it's sub directories.

I have this in my .htaccess file for the directory:
AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/htpass/.htpasswd 
AuthGroupFile /dev/null 
require valid-user

Open in new window


for my .htpasswd I have:
vkimura:qe723jsfyweFke

Open in new window


But when I go to the directory I get an "Internal Server Error".

When I delete the .htaccess file from the directory then it becomes a Forbidden error. So I'm assuming something is wrong with the .htaccess file.

How can I password protect my directory recursively using .htaccess?

Thank you and Father bless<><
0
Comment
Question by:Victor Kimura
  • 5
  • 3
  • 3
  • +3
15 Comments
 
LVL 12

Assisted Solution

by:Edwin Hoffer
Edwin Hoffer earned 50 total points
ID: 40228681
Update your .htaccess code to this:

AuthType Basic
AuthName "restricted area"
AuthUserFile /home/htpass/.htpasswd
require valid-user

Open in new window


And generate htaccess password from here:

http://www.htaccesstools.com/htpasswd-generator/

Also you can check these articles:

http://davidwalsh.name/password-protect-directory-using-htaccess

http://css-tricks.com/easily-password-protect-a-website-or-subdirectory/

Thanks
Edwin
0
 
LVL 13

Assisted Solution

by:duncanb7
duncanb7 earned 75 total points
ID: 40228698
Please put back the .htaccess file  to original place  that is setup by your server administrator.
Put  the code as follows into the .htaccess file at original location, for example .at public_html
AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Open in new window

And make sure the .htpasswd  file is exactly at file path  , run this php script to check
your full path as follows code.
<?php
$dir = dirname(__FILE__);
echo "<p>Full path to this dir: " . $dir . "</p>";
$filename= $dir . "/.htpasswd";
if (file_exists($filename)) {
    echo "The file $filename exists";
echo "<p>Full path to a .htpasswd file in this dir: " . $dir . "/.htpasswd" . "</p>";
} else {
    echo "The file $filename does not exist";
}
?>

Open in new window

Hope understand your question completely.If not, pls pt it out
Duncan
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40229054
i tested that same code and it works fine for me; only changed the path to the password file
as a sanity check, does the account that apache runs as have access to the .htpasswd file or /home/htpass folder?
i took my file and changed ownership to something other than the account apache uses and it returned a 500; the error log showed permission denied, couldn't open password file

i would check the account used and the folder/file access for that account first
if that isn't an issue then the apache error log should show the reason for the server error
0
 
LVL 4

Accepted Solution

by:
kyanwan earned 250 total points
ID: 40229916
In your httpd.conf - make sure you:

AllowOverride AuthConfig

for the directory you're trying to activate Auth for.

[ The internal server error?  If you go to error.log, you might see a "not allowed here' somewhere in there for that access.  "AllowOverride  none" is a common configuration, as it offers heightened security.   If your override is not permitted, Apache will throw a server error when it picks up your attempt to request Auth via override if override is not enabled for the directory where you dropped the htaccess. ]
0
 

Author Comment

by:Victor Kimura
ID: 40230704
Hi duncanb7,

I don't wish to deny access at the public_html folder. Wouldn't that deny everyone from accessing the website with those commands?

---

Hi Seth Simmons,

Do you mean something like?
chown -R apache:apache /home/htpass/.htpasswd
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40230808
yeah...if the apache account is used for the process and doesn't have rights to access that folder
0
 
LVL 13

Expert Comment

by:duncanb7
ID: 40230859
there is no any user for  denying besides the directory you set auth right

.htaccess is always in root or hosting roots(public_html) directory as usual.

Just put the .htpasswd for the directory you want protect

Duncan
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 

Author Comment

by:Victor Kimura
ID: 40233237
Hi duncanb7,

I don't think that's correct.

We're supposed to put the .htaccess (not the .htpasswd) in the directory that needs to be protected. You have it the other way around, friend.

AuthUserFile /home/htpass/.htpasswd

is the directive for where the .htpasswd should be placed which is outside the public folder. =)
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 125 total points
ID: 40233282
You put both .htpasswd and .htaccess in the directories you wish to protect.  You can put it in root or in any folder, assuming you set it in the configuration to allow users to do so.  Each directory can be protected with separate .htaccess and .htpasswd settings.  You can specify the location of the .htpasswd in .htaccess, and it's easiest if they're in the same folders for better clarity, so you don't have to dig around each .htaccess file to find them.
0
 

Author Comment

by:Victor Kimura
ID: 40233283
Hi Seth Simmons,

Ok, I got it to work for one moment and I saw the login Auth popup. I entered the info (maybe I typed something wrong) and then it's a Forbidden error. I changed the chown to:
chown -R nobody:nobody /home/htpass/.htpasswd

my httpd.conf is under nobody user. Is that ok?

Maybe I typed my pass or username wrong but I can't get access to the Authorization message/popup. How do I reset it?
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40233304
the 403 forbidden could be something different
maybe that user doesn't have access to that folder or there is no default page and document index is off
0
 
LVL 27

Expert Comment

by:serialband
ID: 40233324
If you've already entered a usernam/password, you'll have to clear it from the browser cache.  The easiest way is to restart your browser.
0
 

Author Comment

by:Victor Kimura
ID: 40233353
Ok, strange. The window Auth message popped up in IE.

AuthType Basic
AuthName "restricted area"
AuthUserFile /home/myultrat/public_html/l4/.htpasswd
require valid-user

Open in new window


I placed the .htpasswd in the same directory as .htaccess to see if it was a permissions issue.

This is in my .htpasswd:
vkimura:NLLCydYbWcTVg

Open in new window


It's encrypted. I generated the file from here:
http://www.tools.dynamicdrive.com/password/

The pass is 'test' without quotes. Nothing secure about the site. I'm just using it to block all search engine bots from accessing and crawling it. Just a Laravel proj test on the pub directory. (just fyi).

In IE the Auth message popped up and then I entered my credentials and then I can see the spinning wheel trying to access the page. I placed an index.html in that page as well. What could be wrong?

here's the url:
/home/myultrat/public_html/l4
0
 
LVL 27

Assisted Solution

by:serialband
serialband earned 125 total points
ID: 40246835
If you're just blocking search engine bots, you just need to place a robots.txt file in your web site root folder with the following entries.  Legitimate search bots will honor it.
User-agent: *
Disallow: /

Open in new window

Also, that password hash seems a bit short.  It may be an outdated hash algorithm.  Try this
vkimura:$apr1$IyzlLJLp$YpwvBPHzroszK4bx5ZQ.m0

Open in new window

I generated that with the linux command line htpasswd command, but you can go to this page and it will generate a more modern hash.
http://www.htaccesstools.com/htpasswd-generator-windows/
0
 

Author Closing Comment

by:Victor Kimura
ID: 40284824
Kyanwan was correct about the AllowOverride AuthConfig setting. Thank you all!
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

In my business, I use the LTS (Long Term Support) versions of Linux. My workstations do real work, and so I rarely have the patience to deal with silly problems caused by an upgraded kernel that had experimental software on it to begin with from a r…
You ever wonder how to backup Linux system files just like Windows System Restore?  Well you can use Timeshift in Linux to perform those similar action.  This tutorial will show you how to backup your system files and keep regular intervals. Note…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now