

Posted: Fri Jan 22, 2010 4:20 am
by Bill52

This should work. I just can't see what I am doing wrong ...
Could someone point it out pls!

The htaccess

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/freeweb/web/mydir/public_html/private/pw
AuthGroupFile /dev/null
require valid-user

the pw file

bill:$apr1$x8xnU...$Np3695JiBL9xBwKd/itA20 //generated with

Both files edited in Notepad, saved as txt.
Uploaded as ASCII.
Both files are in the same directory: FTP_ROOT/private/

When accessing the 'private' directory the password requester comes up, I enter name/pw and get the Forbidden page.
What am I doing wrong?



Re: htaccess-forbidden

Posted: Fri Jan 22, 2010 8:01 am
by Dazzled
The official authentication manual is here:
Is "mydir" the correct spelling for the site? Require has a capital. Group list in the byte bucket - I don't, but I have seen it suggested. Check that Notepad hasn't appended a Windows suffix to the password file.

Re: htaccess-forbidden

Posted: Fri Jan 22, 2010 9:09 am
by JeremyP
From what I can see, at first it was just an incorrect user/pass problem, but I can see you are now logging in correctly.

The reason you are seeing that error is that there is no index page, e.g. index.htm/.html/.php

If you place a page in there it will be fine.

If you want to show the contents of the folder, I suggest you look up .htaccess file directives for directory listing.

Also to note with your 'pw' file, regardless of whether you need a user/pass to get access to the folder, it is recommended to stick to the typical '.htpasswd' file name for the password file.

Files with the '.ht' prefix are protected by Apache to not be visible or downloadable to anyone, whereas your current setup allows the 'pw' file to be downloaded.

Re: htaccess-forbidden

Posted: Sat Jan 23, 2010 5:16 am
by Bill52
... the index.html ... naturally. I donnow what was I expecting to see ... there was no file in the dir ... THOUGH! what a spatz! :oops:

Thanks everybody! JeremyP, thanks!

.ht prefix, sure. Still, being able to put password and config files into the user-root-dir rather than into the document-root, would be better security ...

On the other hand:

<Files ~ "^pw">
Order allow,deny
Deny from all
Satisfy All
</Files>

hides my 'secretly' named pw file.
Good htaccess tute at: ... ial/#index

order deny,allow
deny from all

is good to stop inquisitive people, yet the file is still readable by code.

Still, the user-root is better ... can we have it Jeremy? Pleeese! :)

Cheers, thanks again,
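
Added example, not part of the thread or written by any poster: a small Python check for the points raised above, namely a password file that sits inside the document root without the '.ht' prefix, one that is hidden only by a local <Files> rule, and one that an editor saved under a different name. The document root, the directory listings and the function and constant names are assumptions made for illustration.

```python
import posixpath
import re

DEFAULT_PROTECTED = re.compile(r"^\.ht")  # names Apache's stock config refuses to serve
# Regex forms only: <Files ~ "re"> and <FilesMatch "re">, with their enclosed directives
FILES_BLOCK = re.compile(
    r'<Files(?:Match\s+|\s+~\s*)"([^"]+)"\s*>(.*?)</Files(?:Match)?>', re.I | re.S)
DENY_ALL = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)

def audit_htaccess(text, docroot, dir_listing=()):
    """Return findings about the AuthUserFile named in an .htaccess file.

    docroot and dir_listing (file names in the password file's directory)
    are caller-supplied assumptions, so nothing touches the filesystem.
    """
    m = re.search(r'^\s*AuthUserFile\s+"?([^"\s]+)"?', text, re.I | re.M)
    if not m:
        return ["no AuthUserFile directive found"]
    path = posixpath.normpath(m.group(1))
    name = posixpath.basename(path)
    in_docroot = path.startswith(posixpath.normpath(docroot) + "/")
    # Is the file name covered by a local regex block that denies everyone?
    locally_denied = any(
        re.search(pattern, name) and DENY_ALL.search(body)
        for pattern, body in FILES_BLOCK.findall(text))
    findings = []
    if in_docroot and not DEFAULT_PROTECTED.search(name):
        if locally_denied:
            findings.append(f"{name}: in document root, hidden only by a local <Files> rule")
        else:
            findings.append(f"{name}: in document root and downloadable")
    # An editor may have saved "pw" as "pw.txt", so the configured path is missing
    if dir_listing and name not in dir_listing:
        similar = [f for f in dir_listing if f.startswith(name + ".")]
        hint = f"; found {similar[0]} instead" if similar else ""
        findings.append(f"{name}: not present in directory{hint}")
    return findings

# Constructed sample based on the thread's configuration; the document root is assumed.
SAMPLE = """AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/freeweb/web/mydir/public_html/private/pw
AuthGroupFile /dev/null
require valid-user
"""
DOCROOT = "/home/freeweb/web/mydir/public_html"
FILES_RULE = '<Files ~ "^pw">\nOrder allow,deny\nDeny from all\n</Files>\n'

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE, DOCROOT, [".htaccess", "pw"]))
    print(audit_htaccess(SAMPLE + FILES_RULE, DOCROOT, [".htaccess", "pw.txt"]))
```

An empty result means the configured file is either outside the assumed document root or carries the '.ht' prefix; the patterns in <Files> blocks are evaluated with Python's regex engine, which agrees with Apache's for simple patterns such as "^pw".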