Hello all,

I'm trying to configure apache in a way that it will only allow registered users on a username/passwd basis.

It runs on a RH 9 box , Apache version 2.0.40

The sites content is in /var/www/html/ so that is where I've put my .htaccess file
which looks like this:

AuthType Basic
AuthName "Restricted files"
AuthUserFile /usr/local/httppasswords
require user foo


I changed AllowOverride for the /var/www/html/ dir from None to Autconfig

Then I used htpasswd to create a user foo:

# htpasswd -c /usr/local/httppasswords foo

and set the passwd to "bar"

In the /user/local/httppasswords file there's a line:
foo:1h3barlk12

But when I log on to my web page I get prompted for my username and passwd over and over again, without letting me acces the page. It doesn't say : login failed or anything, it just keeps prompting me.
I can acces the page just fine when I don't use the .htaccess file.

I've googled on this but to no avail :-(

Any suggestions?

I don't know if this will help, but what if you hid the httppasswords file? maybe rename it to .httppasswords, and point the htaccess file to that?

I tried that, but sadly it didn't solve the problem. It's probably something basic I'm not getting. I tried chmodding the files involved to 777, but that didn't do it either. Could it be that the .htaccess file is in the wrong directory or something like that?
I moved it around a little, but I keep having the above problem.

Hmmmmm. The only thing I can think is that it may be where the password file is placed. Maybe in the website root? This webpage may help.
http://www.freewebmasterhelp.com/tutorials/htaccess/3
They also have a password encryptor that I used when I set mine up.
http://www.kxs.net/support/htaccess_pw.html

That might be worth a try as well. Hope this helps.

the password file can be placed anywhere, but i would strongly recommend placing it outside of the DocumentRoot, so that it cannot be downloaded

and while that website is handy, it just implements one use of the htpasswd command

if you only have 1 user, foo, in the password file, try using the valid-user directive instead of require user foo

AuthUserFile /usr/local/httppasswords
AuthGroupFile /dev/null
AuthName "Restricted files"
AuthType Basic
<Limit GET PUT POST>
require valid-user
</Limit>

Hi everyone,

Sorry for reacting this late, but yesterday didn't go as planned for me, so I wasn't able to get behind my pc.

I just tried all the suggestions you guys made and I am very sorry to say nothing worked.
I tried starting over from scratch, and naming every file exactly as in the tutorial Grandpuba provided. Still to no avail.
Since I do get prompted, would it be save to presume that my httpd.conf file is configured correctly and the problem is somewhere within the way Apache handles the username/passwd input?
Maybe something redhat-specific? (I installed apache along with the rh9 server install)
Could it be I should have a module that isn't compiled in the rpm or something?

PROBLEM SOLVED!!!

I realized just a moment ago that I didn't chmod the .htacces and .htpasswd file after following the instructions on "Grandpuba's" tutorial. I made them as root...

After I did that it functioned perfectly.
Who would have thought file permissions could get you in to trouble?

What was wrong the first time I will probably never know, something similar probably...

Thanks a million guys!

i'm having the exact same problem as dowski

what should be the chmod value of the .htpasswd file

i have it at 750

owner: apache
group: apache

its driving me crazy!

I can't say for sure what it was from where I am right now, but the method I used was:
Start at 777 and work your way down. I think all users should have read acces.

Man! Do I know what you mean!

I had the same problem. I set the permisions to 744 and it worked. Frustrating how all those tutorials never mentioned permisions, guess thats what this site is for! Good luck!