• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Password protecting a dir with htaccess



I've been playing with htaccess for the first time, trying to get a directory password protected but not having much luck. When I read the error logs I get:

[Wed Dec 18 20:13:58 2002] [error] (2)No such file or directory: access to /fdcgi failed for xxx.xxx.xxx.xxx, reason: Authentication failure

Does this mean it can't find the htpasswd file?
the htaccess file I'm using looks like this:

AuthUserFile /web/.htpasswd
AuthGroupFile /dev/null
AuthName "Hello World"
AuthType Basic

require valid-user
I'm uploading it in ascii mode, read loads of how-to's on it, but it just doesn't seem to work. At the moment the htpasswd is just sitting in the web dir, but thats only temporary till I figure out why its not working. I've tried it in different places but that didn't help either.

Any other info you need to solve the problem just ask, I'm out of ideas.

Its running on Apache (not sure which build) on a Cobalt RaQ 3.

Any help is appreciated, thanks.

[edit.madmatt]gosh darn it, this thread is driving my firewall nuts..[/edit]


Bow Down to the King
Political User
Place the htaccess file in the directory you want to password protect (this will also protect all sub dir within that dir).

Basic table for htaccess/password protecting

# admin table
AuthType Basic
AuthName "login"
AuthUserFile /path/to/users.acl
Require valid-user
AuthUserFile is the path to your user file (.acl)

You can also add the following to the above to limit to your IP address (XXX.XXX.XXX.XXX = your IP address)..

<Limit GET> 
order deny,allow
deny from all
allow from XXX.XXX.XXX.XXX
satisfy all
The "satisfy all" means that the IP address MUST match the given IP address and you still have to input a username/password.

Good luck.


Thanks for the reply but still no luck :(

In the logs I still get the same error message. The path to the password file in .htaccess, should it be relative to the root of the virtual site or relative to the root of the actual server?

I've tried both and neither seem to work.

Whats the difference between .htpasswd and user.acl? In other examples I've see .htpasswd rather than user.acl.

Sorry for driving your firewall nuts, in future I'll put code in a code block :)


Progress - If I use the line " AuthUserFile /etc/passwd", it will work off the list of server username and passwords, but I still can't get it to accept a password file generated by htpasswd


Bow Down to the King
Political User
You probably already know this..

It Telnet, if you type 'htpasswd' it will give you the correct syntax. I usually use:

htpasswd -d /users.acl <new_username>

Then it asks me to input the new_username's password, and verify it.

I believe you have to type htpasswd -cd /users.acl <username> the first time (to create the users.acl file).

I have found in the past that the built-in encryption does not work correctly. So you may want to give it a try without encryption.

As for what's the difference between the htpasswd file and users.acl? Probably none, when I learned, I learned using the .ACL filename.

Hope this helps..


I've got a copy of apache on my Windows XP box to use as a test bed for sites so I've been using htpasswd on it and then ftping (in ascii mode) the htpasswd file.

I spoke to the tech guys where our server is colocated earlier coz I tried telneting in to do it on the server and it wouldn't let me.

They said I needed to give them my static IP address to let them change permissions on their firewall to let me telnet to it so I've emailed it to them, but it'll be tomorrow before that gerts done now.

I've tried the password as unencrypted, encrypted with crypt and with md5, but that didn't seem to be the prob.

I'll post again with the results of the telneting session tomorrow

Members online

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
What a long strange trip it's been. =)

Forum statistics

Latest member