.htaccess/.htpasswd

Ok, i am trying to set .htaccess/.htpasswd files up so that i can protect an area on my server. My server is Apache (php enabled) running of a windows XP system. However, when i tried testing the restricted area, it didn't prompt me for my password, or username. It actually just let me into that part of the server.

hmmm did you create the .htpasswd using the ms-dos screen and post the code you have in your .htaccess file so i can help

No, i did not create the files in msdos.
Note: having some problems posting the file's code (cant post the word after limit... wow this is really messed up) : /
File: .htaccess
-------------------------
AuthUserFile http://localhost/password/.htpasswd
AuthGroupFile /dev/null
AuthName JSBN
AuthType Basic

<Limit >
require user JSBN
</Limit>
------------------------


File: .htpasswd
------------------
JSBN: sTO2XypJZkwpc
-----------------

Try:

I haven't seen http:// used for AuthUserFile before... I don't know if it works that way (?). I do believe it just takes a filesystem path. Also, I don't have limit tags in mine, and it works...

AuthName "My Secured Page"
AuthUserFile /mysite/videos/.htpasswd
AuthType Basic
require valid-user

this is what you need to change your code to. theres no need to put the limit tag there

It's still not working

Have you checked your httpd/error_log ? What does it say?

Check your httpd.conf to see if you have Overrides enabled:

Specifically you want AuthConfig, but you could simply allow All instead.

only 2 guess that 1. you didnt change the line to allowoveride none to allowoveride all or 2. you didn't create the htpasswd or created it incorrectly

thx for the suggestions, i'll try them all out
oh, what is the proper way to make the .htpasswd file?

k,


Isn't even part of the file :/

look in your bin folder and look to see if you have a file called htpasswd.

once you see it open the ms-dos screen type in cd\ and press enter then type in of course change the path to reflect your own

c:\apache2\bin\htpasswd -c .htpasswd jsbn

press enter and you should be presented with an enter the password line, type what you want in there and press enter and the re-enter it and it will pause for a minute to create the file in the bin directory.

now let me explain the script

-c means to create the .htpasswd file and the second .htpasswd in the file is the name of the file that will be created and jsbn is the member who will be required in order to gain access to the password protected directory.

you will always need to use this line when creating the .htpasswd file

c:\apache2\bin\htpasswd -c .htpasswd jsbn

hopefully this helps

Caution: Note that you must omit the -c if you are only adding a name to the same htpasswd file. Otherwise all of your passwords will be overwritten with a newly created file.

JSBN, If you don't have AllowOverride in your httpd.conf, then that's most likely your problem. It should be listed within your <Directory> tag for the webroot. Check to make sure it's really not there, then add it in as AllowOverride All

still not working
- i made the .htpasswd file properly, and i changed AllowOverride None to All

can you post the code from your .htaccess file cause i think the problem is in that file so post it when you can k.

ok, i got it working, after having problems with restarting the server, i restarted my comp, went back into the config file, and oddly enough, all the code for that area was changed... i am still confused about that part, anyways, i re-changed the AllowOverride, and it works. THX ALOT for every one's help, all u guys r awsome

THx again, JSBN

glad we could help another fellow apache user