basic authentication error 500 - apache

I have this .htaccess
AuthType Basic
AuthName "Protected Area"
AuthUserFile /.htpasswds/.htpasswd
Require valid-user
And a .htpassword
test:$apr1$zXAu7nnl$612DeubGZ9jDrDPB1S8VO0
the directory structure is:
/.htpasswds/.htpasswd
/public_html/.htaccess
any attempt to login give me a 500 error. In cpanel the error is not registered in error log.

I don't know exactly what is the problem, but my host provider suggests this:
In cpanel
Section security
Option Web Protect
That will generate:
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/abvnfj/.htpasswds/public_html/passwd"
require valid-user

if apache can not access .htpasswd, it generate Error 500.
in AuthUserFile write full path to .htpasswd file.

I've had a very similar problem with cPanel - and error 500 "internal error" upon entering the basic authentication credentials.
The problem seems to stem from cPanel putting the password file into a directory that the apache process could not access. Moving it to the root folder for the account (where the public_html directory is created) fixes the problem for me. The AuthUserFile entry in .htaccess must still point to the absolute pathname for the file, for example:
AuthUserFile "/home/myaccount/.passwd"
with the site root being in /home/myaccount/public_html/

Make sure you are using the correct absolute path in .htpaswd.
Example: for my bluehost I need
AuthUserFile /home7/<username>/public_html/...
While the FTP just gave me
/wwww/...

I had same error and I tested htpasswd with adding -p parameter which generates passwordfile as plaintext. The error was disappeared, but now I don't have any idea why default md5 passwords are causing this error.

Related

Protect only a directory with htpasswd

I would like to protect the protect-me-dir directory with http password. I tried this code:
AuthType Basic
AuthName "restricted area"
AuthUserFile /home/iterator/public_html/protect-me-dir/.htpasswd
require valid-user
It works, but unfortunately it asks for the password everywhere, not just in protect-me-dir. How is it possible to protect only that directory?
If I put this code inside <Directory "/home/iterator/public_html/protect-me-dir">...</Directory>, I get Internal Server Error
Just put the .htaccess file in the directory you want to password-protect. It is a per-directory config file.

500 Error with .htaccess password protection

I am running latest ubuntu with apache.
I have very simple html directory I want to protect using .htaccess.
I am trying to do it with:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
On my .htpasswd file I have:
user:pass
I get internal server error with this. I've been digging hard but not sure why this is happening.
If I add a this:
<Directory "/var/www/dev/docs">
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /var/www/dev/docs/.htpasswd
Require valid-user
</Directory>
I can't login no matter what I do...
Thanks,
I have the same problem. But after a few trial and error, here's the fix.
You must use the full path to the .htpasswd file.
You must encapsulate the path with quotation marks "home/username/public_html/subfolder/protected/.htpasswd"
An example:
AuthUserFile "/home/username/public_html/subfolder/protected/.htpasswd"
AuthType Basic
AuthName "My restricted Area"
Require valid-user
Error #500 just means the web server isn't understanding something in your .htaccess file. There will be nothing in Apache's error log since the request doesn't even get parsed at this point.
Try putting quotes around the path to the .htpasswd file and note on some hosting companies like cough.. godaddy, 1&1 It may take several minutes for the changes in .htaccess to be picked up.
AuthType Basic
AuthName "Restricted Area"
AuthUserFile "/home/. . . . ./.htpasswd"
require valid-user
I have got same situation on Apache/2.4.6 (CentOS)
Path to htpasswd needs to be taken from $_SERVER['DOCUMENT_ROOT']
Apache has some bug (https://bz.apache.org/bugzilla/show_bug.cgi?id=54735), you need to set password from console like this:
htpasswd -nb username newpassw > <path-to>/.htpasswd
btw in Apache 2.4.6 on CentOS 7 problem still exists

How to upload a htaccess file with htpasswd?

I am trying to protect my directory with apache password protection, basically their is a subdirectory named reg in my /var/www folder. now, I have .htaccess in the /var/www/reg folder and the content is
AuthUserFile /var/www/.htpasswd
AuthName "Please Log In"
AuthType Basic
require valid-user
and a .htpasswd file in /var/www folder and the content is
xyz:AFm9t1CfobrkA
but when I try to access the folder typing localhost/reg no pop up box appear asking for username and password. Where am I wrong?
I have .htaccess file like this:
AuthUserFile /data/www/.../http-users
AuthType Basic
AuthName "private"
require user cf
And it works. What you could do:
Detect the possible cause by looking into the error log. In many cases you have access to it even on hosting environments
Make sure AllowOverride AuthConfig is set. You cannot set it in .htaccess, you must do it in the server configuration file. In a hosting environment, you have to ask your hosting provider.
Not very likely, but it could be the dot - try to rename the .htpasswd file to htpasswd
Its definitelly not caused by missing the <directory> container as noted in the discussion

.htaccess keeps redirecting to 401

I've been trying to get this to work for an hour.
I'm protecting a directory with .htaccess and .htpasswd
AuthType Basic
AuthName "Access Denied: Please Enter the Correct Information to Continue"
AuthUserFile /actual/path/based/on/php/info/.htpasswd
require valid-user
Simple stuff. For some reason I'm getting a 401.shtml page instead of asking for login information.
I've tried disabling the other redirects
I'm pretty sure the path is correct
This works just fine on another site, just different web hosts.
Thanks.

Password protect directory in Apache

I want to set password for one directory using Apache server so that only authorized persons can access to the directory. I have created .htpasswd file inside the directory. And it contains one line
username:$apr1$5H33Pfw6$WApVs3KlrU7QgBqYrFgeW.
password is "password". And my Directory Preferences are
<Directory />
AuthType Basic
AuthName "Example Repository"
AuthUserFile /.htpasswd
Require valid-user
</Directory>
When accessing the directory from browser it asks for username and password. After entering username and password request fails. Http Request error code is 403. What could be the error. Thanks.
Taken from http://httpd.apache.org/docs/2.2/mod/mod_authn_file.html
Syntax: AuthUserFile file-path
File-path is the path to the user file. If it is not absolute, it is treated as relative to the ServerRoot.
You must provide the complete path to your .htpasswd file. Try with
AuthUserFile /complete/passwd/file/path/.htpasswd
Hope it helps.