SniptoolsSniptools | Design & Technology Observations

RSS

Windows, Apache and .htaccess authentication

May 26th 2003
141 Comments

Respond
Trackback

It is quite simple to use .htaccess on Windows. Simple instructions with screenshots here.

Enabling password authentication on Windows using Apache (and here’s a link if you wish to RTFM) given the knowledge that you are busy folks so these are merely quick instructions to get it working on Windows.

Some things to know beforehand:

  1. Path to your Apache server (e.g., c:\apache)
  2. Path to your CONF folder (e.g., c:\apache\conf)
  3. Path to your DOCROOT folder (e.g., c:\apache\htdocs)
  4. Path to the folder you wish to password-protect. In my
    example, lets take a folder called “secure”, so the path to this
    would be “c:\apache\htdocs\secure”. (It could be ABOVE the htdocs
    folder as well, FYI).

Ok, let the show begin:

  1. Open up your httpd.conf. (On my machine this is at
     “c:\apache\conf\httpd.conf”).
  2. Look for the word called “AccessFileName”. I believe there
    should be a line like this:

    AccessFileName .htaccess
    

  3. If you use Windows 2000 or above, then move on to step 4
    (because you can create files like “.htaccess” on your system which
    do not have anything before the dot in the filename. If not, then
    change this line to the following:

    AccessFileName ht.acl .htaccess
    
  4. Then, we need to add the directory to the configuration.
    Instead of rattling on about how to do it, here is a
     screenshot:

    alt=”This is what the HTTPD.CONF should look like. ” />

    Please note that “/apache” in the directory path means that it
    starts from the root drive on my machine (“c:”). Adjust
     accordingly.

  5. Our httpd.conf is done. Now we need to create the password
    file. Open up a DOS prompt and go to the apache’s BIN directory. In
    my case, it is “c:\apache\bin”. Anyway, again, I think a screenshot
    is more helpful.

    alt=”Instructions for creating the password file” />

  6. Now, we need to create the HTACCESS file itself. As per point 3
    above, either create a “.htaccess” or a “ht.acl”, whichever suits
    you fine. I will keep my example to “ht.acl” because this works on
    ALL windows systems if they use Apache 1.12…or above. Here is
    what this looks like.

    c:\apache\htdocs\secure\ht.acl
    

  7. Save the above file into your SECURE folder because it
    represents only that folder context.

READY TO ROLL! (I restarted my Apache, just in case). Here is
what happens when I try to access my folder from the browser:




This post is tagged

141 Comments

  1. mark

    how to enable url rewriting in windows? thank you so much for this tutorial but htaccess on windows is not very useful to me unless i can also use is to mirror my rewriting on my production server which uses freebsd. thanks for any ideas.

  2. Shashank

    Mark, did you enable your rewrite module in your httpd.conf? Uncomment this line if it exists:

    LoadModule rewrite_module modules/mod_rewrite.so

    Or just write it if it doesn’t already exist. That’s it.

  3. Xcape

    you need to put ” ” around the path to the password file, section 2.2.2.6

  4. Shashank

    Thanks Xcape. It works in the above example as there are no spaces in the path, but yes, if we had paths like this:

    c:\program files\apache group….

    ..then quotes are useful! Thanks for the tip.

  5. John

    “If you use Windows 2000 or above, then move on to step 4 (because you can create files like “.htaccess” on your system which do not have anything before the dot in the filename.”

    You sure? I can’t create a file named .htaccess in WIN2K

  6. riad

    hi,
    the tutorial is very nice, but there is something i did not understand !! as soon as i made the htaccess procedure , my apche server become very HEAVY !! is that normal ??
    thanks for answering

  7. Nickolas

    John> Windows 2000 (I’m using Advanced Server on my server) will not allow the creation of .htaccess files in the explorer, but if you save a notepad fiel as .htaccess, and rememeber to set the file type as “All types”, it’ll save the .htaccess file all well and good. And then copying and pasting the file works, as well as editing it’s content.

  8. Stuart

    First a very good tutorial, the best I have found on this subject.

    A few comments. when creating a new file on windows XP (right click,new/text_file then rename to ‘.htaccess’) I get a system error ‘You must type a filename’. Then when I rename it to ht.acl my system thinks the file is a ‘AutoCorrect List File’ which might or might not cause problems!! I renamed it to ‘ht.ac’ :) Then I added c: to the change in httpd.conf file as I assume this may be needed.??

    I restarted apache and tested my newly secured folder…. I got the user/pass prompt :) but my username and password failed :( - I have recreated my password file several times to check the spelling etc but the this has not helped :(
    If anyone has any suggestions please email me, or post here. thanks

  9. Shanx

    Hi Stuart,

    Thanks for the kind words. You’re lucky you’re on Win XP because I bet it works.

    (1) For creating .htaccess, don’t create it inside Explorer. Open Notepad, type something and SAVE AS “.htaccess” and choose the file type as “ALL FILES”. Works without a croak.

    (2) For Apache and your password file in general, I would delete everything and start afresh instead or renaming files etc. Just follow the instructions here from step 1. I created a new test secure folder and it works immediately. FYI, I tested this on my Win XP box which has Apache2 running. (Could test it for you on Win2K and Win98 as well).

    Hope this helps! -Shanx

  10. Stuart

    Thanks Shanx,

    I started again (removed the previous files etc) and it worked :)
    Thanks agian, Stuart

  11. Mike

    I’m using winXP with apache server I followed all the directions above but when I send my browser to the specific file, it says forbidden you don’t have access to /secure/ on this server. If I put a link from another page to it, it goes straight in without the asking about password or username, any ideas.

    Thank you

  12. Shanx

    You must have some other settings in your HTACCESS that may be conflicting with these security settings. Can you perhaps share your HTACCESS file? You can email me personally if you prefer.

  13. topquark

    So has anyone been able to use windows authentication with Apache 1.3.x?

  14. Alok

    Yes, I have. Are you having problems with it?

  15. Will

    If you cant create a .htacess file in windows you can use dos.

    1) Create a simple htaacess file in notepad just save it as “htacess” no “.”
    2) Run -> Cmd
    3) No we are in dos/command promptyness
    Here
    ren htaccess .htaccess

  16. immy

    Hi guys,

    I’m running xp with apache version 2.0.47. I have created the .htaccess file and left the these lines in in my conf file

    Order allow,deny
    Deny from all

    When i try to access the secure directory it lest me in with out any prompt for a password plus i dont see the .htaccess file listed when i get in through browser

    can anyone advise me what i should do to get it to work cheers

  17. Chris Traverse

    i followed the instructions to the letter (im running apache/1.3.29 on windows 2000). The first time i did it i just got an internal server error message. So i tried again and this time it justlets me access the files, no question of putting a password or username in.. Anyone else had these problems ?

  18. PatrikRoy

    Thanks for all, I tested it with Apache 2 on Windows 2000.
    Works fine :)

  19. Shanx

    Chris Traverse, you need to tweak your HTACCESS file, most likely. If you still haven’t got it working, please write to me personally with a sample of your HTACCESS file attached. HTH, Shanx

  20. foxer

    This didn’t work just like this, i had to put:

    AllowOverride All
    Options None
    Order deny,allow

    instead just “/apache/htdocs/secure”

    running apache 1.3.27

  21. jc

    Excellent tutorial

  22. John p.

    Wonderful tutorial.

    I have noticed many tutorials out there giving code and so forth, but none mentioned directives.

    So, am I to understand that [nc] or [r,l] is a directive?
    If so, is there a specific .htaccess manual for this?

  23. H Rage

    When creating a .access file on windows systems:

    Type one in notepad
    Save As

    “.htaccess”

    It is important to remember the quotes; they’re the things preventing the .txt extension and the filename alert when you only use an extension.

  24. Hi,

    I am running windows 2003 and apache 2. I followed your instructions, but if i go to secured area it doesn’t ask me for login (#7)

    here is my config please help as I need to bring my site live ASAP. thanks

    Shashank’s Edit:
    Your .htaccess file is here, due to the length

  25. ingenious

    Thank you- works like a charm with my apache 2 server