I am trying to password protect a directory, and have two files in the directory which should password protected it:
- .htaccess
- .htpasswd
HTACCESS:
###Contents of .htaccess:
AuthUserFile /var/www/html/path/to/my/directory/.htpasswd
AuthName "Protected Files"
AuthType Basic
Require user admin
HTPASSWD:
###Contents of .htpasswd
admin:oxRHPuqwKiANY
The password is also admin, but no matter what password I try, it is always wrong. It immediately asks for the password again!
What is wrong with this configuration?
I had the same issue.
CRYPT_STD_DES - Standard DES-based hash with a two character salt from the alphabet "./0-9A-Za-z".
example:
Onlione javascript encripter is also available.
If it still does not work, take care of these:
echo $_SERVER['DOCUMENT_ROOT'];
chmod(".htpasswd",0644);
I had a similar issue using MAMP and it was because i was creating .htpasswd by hand. Solution was to use
htpasswd
command in terminal:this created the .htpasswd file which worked fine with my .htaccess file which looked like so:
My problem was that I did not give an absolute path for the AuthFile line.
Also, make sure your password file is ANSI-encoded.
I spent about 2 hours to resolve the same issue. But problem was in nginx. I have nginx as front web server and there was a line for proxy configuration:
proxy_set_header Authorization "";
It overrides Authorization field and apache don't receive login and password typed in.
I just commented out this line and it worked.
This problem is almost always because apache cannot read the .htpasswd file. There are four causes that come to mind:
it isn't parsing the path correctly... how did you create the .htaccess file? Does it have unix line endings (versus say using Notepad in Windows?
is the path correct? What does the following command (with the path update) show? ls -l /var/www/html/path/to/my/directory/.htpasswd
does the web server have access to the file? chmod 644 and see if that solves the problem.
it can't parse the .htpasswd file: in this case, you are using the crypt() encryption so it does seem you created the file on Linux and it is probably fine. Some types of encryption only work on certain platforms, if in doubt try switching to MD5.
You may find helpful messages in the Apache error log.
My money is on #3.