I'm having problems with trying to restrict access to a directory on my webserver. I've spent some time on Google, looking at various tutorials which show how to password protect a directory using .htaccess and .htpasswd - but every time I go to login, the username and password don't work. My .htaccess looks like this: Code: AuthName "Admin Area" AuthType Basic AuthUserFile /home/mjlazlow/public_html/admin/.htpasswd Require valid-user And is stored in /home/mjlazlow/public_html/admin/ My .htpasswd looks like this: Code: username:password And is stored in the same location. I will move it outside of the public_html directory once I know that it works correctly. Try it yourself, enter username as the username and password as the password. Any suggestions as to why it isn't working? It seems to not be picking up the username/password from the file.
I think the password should be hashed shouldn't it, rather than plaintext, so your .htpasswd should be: Code: username:sp4a40h.B/C4.
I don't know if it makes the slightest difference, but mine looks like Code: AuthUserFile /path/.htpasswd AuthName "Members only area" AuthType Basic <Limit GET POST> require valid-user </Limit> with the hashed password file as generated by a similar link to hitman012's. All greek to me, I got the method from the host's forum.
OK, I've encrypted the password using the link Hitman012 gave me and altered my .htaccess to resemble cpemma's, but it's still giving a 401 error: Code: AuthUserFile /home/mjlazlow/public_html/admin/.htpasswd AuthName "Admin Area" AuthType Basic <Limit GET POST> require valid-user </Limit> Any ideas? Could it be something on my host has disabled, which is preventing it from working? I've used .htaccess files in the past and they all work fine (redirects, class B etc.)
