how to enable url rewriting in windows? thank you so much for this tutorial but htaccess on windows is not very useful to me unless i can also use is to mirror my rewriting on my production server which uses freebsd. thanks for any ideas.

you need to put ” ” around the path to the password file, section 2.2.2.6

“If you use Windows 2000 or above, then move on to step 4 (because you can create files like “.htaccess” on your system which do not have anything before the dot in the filename.”

You sure? I can’t create a file named .htaccess in WIN2K

hi,
the tutorial is very nice, but there is something i did not understand !! as soon as i made the htaccess procedure , my apche server become very HEAVY !! is that normal ??
thanks for answering

John> Windows 2000 (I’m using Advanced Server on my server) will not allow the creation of .htaccess files in the explorer, but if you save a notepad fiel as .htaccess, and rememeber to set the file type as “All types”, it’ll save the .htaccess file all well and good. And then copying and pasting the file works, as well as editing it’s content.

First a very good tutorial, the best I have found on this subject.

A few comments. when creating a new file on windows XP (right click,new/text_file then rename to ‘.htaccess’) I get a system error ‘You must type a filename’. Then when I rename it to ht.acl my system thinks the file is a ‘AutoCorrect List File’ which might or might not cause problems!! I renamed it to ‘ht.ac’
Then I added c: to the change in httpd.conf file as I assume this may be needed.??

I restarted apache and tested my newly secured folder…. I got the user/pass prompt but my username and password failed - I have recreated my password file several times to check the spelling etc but the this has not helped

If anyone has any suggestions please email me, or post here.

thanks

Thanks Shanx,

I started again (removed the previous files etc) and it worked

Thanks agian,
Stuart

I’m using winXP with apache server I followed all the directions above but when I send my browser to the specific file, it says forbidden you don’t have access to /secure/ on this server. If I put a link from another page to it, it goes straight in without the asking about password or username, any ideas.

Thank you

So has anyone been able to use windows authentication with Apache 1.3.x?

Yes, I have. Are you having problems with it?

If you cant create a .htacess file in windows you can use dos.

1) Create a simple htaacess file in notepad just save it as “htacess” no “.”
2) Run -> Cmd
3) No we are in dos/command promptyness
Here
ren htaccess .htaccess

Hi guys,

I’m running xp with apache version 2.0.47. I have created the .htaccess file and left the these lines in in my conf file

Order allow,deny
Deny from all

When i try to access the secure directory it lest me in with out any prompt for a password plus i dont see the .htaccess file listed when i get in through browser

can anyone advise me what i should do to get it to work

cheers

i followed the instructions to the letter (im running apache/1.3.29 on windows 2000). The first time i did it i just got an internal server error message. So i tried again and this time it justlets me access the files, no question of putting a password or username in.. Anyone else had these problems ?

Thanks for all, I tested it with Apache 2 on Windows 2000.
Works fine

This didn’t work just like this, i had to put:

AllowOverride All
Options None
Order deny,allow

instead just “/apache/htdocs/secure”

running apache 1.3.27

Excellent tutorial

Wonderful tutorial.

I have noticed many tutorials out there giving code and so forth, but none mentioned directives.

So, am I to understand that [nc] or [r,l] is a directive?
If so, is there a specific .htaccess manual for this?

When creating a .access file on windows systems:

Type one in notepad
Save As

“.htaccess”

It is important to remember the quotes; they’re the things preventing the .txt extension and the filename alert when you only use an extension.

Hi,

I am running windows 2003 and apache 2. I followed your instructions, but if i go to secured area it doesn’t ask me for login (#7)

here is my config please help as I need to bring my site live ASAP. thanks

Shashank’s Edit:
Your .htaccess file is here, due to the length

Thank you- works like a charm with my apache 2 server

hi all.

nice tutorial.

I was wondering. Is it possible if you already set up a protected folder to add users via a sort of webbased script.,so dont have to physicly be at the server, but can remotely add an user account

thnx

I tried in W2k, thx it works but I can find a log off feature - I can access the “secure” directory again even I closed the IE after accessing it!

Any suggestion on making a log off session?

I got another trick to make windows accept filename .htacces
I have acces to a webdirectory and when I rename my file overthere, it’s no problem, so then I copy it back to my local protected directory et voila, it works!

Just wanted to thank you for having the answer I needed. Keep up the great work.

this is a nice tutorial but im having problems. i want to protect a director called “S04” in a directory called “jdang” in my htdocs. my apache is located in “c:\Program Files\Apache Group\Apache2”, so here is the relevant part of my httpd.conf file:

AccessFileName .htaccess

AllowOverride All
Options None
Order deny,allow

here is my .htaccess file (and yes, i properly named it as a .htacess in windows XP)

AuthUserFile “/Program Files/Apache Group/Apache2/passwd/passwords.txt”
AuthName “S04”
AuthType Basic

require valid-user

My password file is located in “C:\Program Files\Apache Group\Apache2\passwd\passwords.txt”

When i test it, i go to “http://xxx.xxx.xxx.xxx/jdang” I don’t see my folder “S04”. So, I manuall type in “http://xxx.xxx.xxx.xxx/jdang/S04” and it asks me for my username and password, and it accepts the username and password, but it comes up with this error:

Forbidden

You don’t have permission to access /jdang/S04/ on this server.

I know my username and password is correct because if i type in an incorrect combination it will just prompt me for my username and password again.

Sorry for the really long post, but could anyone help me?

Thanx very much for this tutorial!
I search around day and no one could help me!
Now it works….
Thanx

I’m having problems wiht this tutorial. Everytime I keep trying to access my folder that I set for authentication, it gives me a forbbend message. Here is my .htaccess file:

AuthUserFile “C:/Program Files/Apache Group/Apache/bin/passwd.txt”
AuthName “This is my secret area”
AuthType Basic

require user beetle

Can some one help. Thank you.

When I upload .htaccess or ht.acc to any directory on my server, my entire website got effected.

eg. when I create directory called secure, even my main / request for login.

Please help…

I’m using Apache 2.0.49 on Win2k
I’m using a .php script over Apache and set the
$z_apache_auth = true; # Append Apache user:password to playlist urls.
This is working fine for winamp… but my linux friends with xmms aren’t getting in..

dealt with this scenario?

Why doesn’t the secure folder list in the root folder of the server.

E.g. the folder /secure does not show up at all, you have to type in the address manually…

I don’t know what the problem is….I followed your instructions exactly, but when i go to the directory that is supposed to be protected, I keep getting:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@123456.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

————————————————————————————————————————

Apache/2.0.49 (Win32) Server at 12345.afraid.org Port 80

my docroot is C:\webroot, Apache is under C:\web servers\apache2. If there’s anything else I should be doing, please tell me. Thanks in advance!

Jesse-
If a path in the .htaccess file has spaces in it, you must enclose it (the path) in quotes.

8^)

hi

the tut is really nice

my phpmyadmin path is c:/phpdev3/www/html/phpMyAdmin

my docroot folder is c:/phpdev3/www/html

my apache BIN folder path is c:/phpdev3/apache/bin

I want to prevent acceess to the phpMyAdmin folder so i created a passwd.txt file as required in BIN folder of Apache….

I added the necesary comments to the httpd.conf file in the CONF directory of Apache…..

& i created a .htaccess file in the phpMyAdmin folder with the necessary contents……

but when I try to access phpMyadmin folder, it tells me the following message

Forbidden
You don’t have permission to access /phpmyadmin/ on this server.
————————————————————————————————————————
Apache/1.3.19 Server at ballast Port 80

it does NOT ask me for the username & the paassword

ok ive got it to ask me for a user and pass hurrah

but i then get the message Forbidden
You don’t have permission to access /secure/ on this server.

what have i missed ?

tia.

This is a great tutorial, definitely the best I’ve seeen on the subject.

Similarly to others I think I’ve got a conflicting directive as once I am presented with the pop up box and I correctly enter my login details I get the following message:
“Forbidden
You don’t have permission to access /si/ on this server.
————————————————————————————————————————

Apache/1.3.27 Server at localhost Port 80”

My Apache access log states
“127.0.0.1 - irfan [08/Jul/2004:12:20:20 +0200] “GET /si/ HTTP/1.0” 403 304”

My Apache error log states
“[Thu Jul 08 12:20:20 2004] [error] [client 127.0.0.1] Directory index forbidden by rule: d:/home/www/si/”

My ht:acl file reads:

“AuthUserFile “c:/Program Files/EasyPHP1-7/apache/bin/passwd.txt”
AuthName “Documentation Area”
AuthType Basic

require valid-user
“

Is this in contrast with my httpd.conf file directives ?

“
DocumentRoot “D:/home/www”

Options FollowSymLinks Indexes
AllowOverride All

Options Indexes FollowSymLinks Includes
AllowOverride All
Order allow,deny
Allow from all

AllowOverride All
Options None
Order deny,allow

“

Thanks for pointing me in the right direction

PROBELM SOLVED :P

(IfModule mod_dir.c)
DirectoryIndex index.html index.htm index.shtml index.php
(/IfModule)

my index file had a .htm extension and .htm wasn’t listed in the above.

sorry for all the messages but at least you can now say that this tutorial is so great it even works on NT ;)

thanks!

Great tutorial! This helped me out of a jam this morning. Nice work…

Heres somthing a bit difficult… i followed your tutorial like so and when i got to access the protected directory i get a 500 Internal Server Error… here are the specs.

Operating System: Windows XP Pro SP2
Apache Server Version: 2.0.50

httpd.conf file:
http://www.itxserv.com/myhttpdconfigfile.txt

ht.alc file:
http://www.itxserv.com/secure/ht.alc.txt

Any suggestions would help….

http://www.itxserv.com/secure/ this is the correction for http://www.itxserv.com/secure/ht.alc.txt

nevermind.. i fixed it lol… Excellent tutorial btw..

This guide is the by far the best I have encountered. I have no prior Apache experience and this saved me big time.

Thanks!

This tutorial is good. But i have one question here.
If my Apache is different in a different server with my web applications. How do i set the path for the in httpd.conf

AllowOverride All
…………….
…………….

Can anyone please help?
Thank you.

#
# Based upon the NCSA server configuration files originally by Rob McCool.

[trimmed due to size]

above is my httpd.conf……I’m using winXP with apache server I followed all the directions above but when I send my browser to the specific file, it says forbidden you don’t have access to /secure/ on this server. If I put a link from another page to it, it goes straight in without the asking about password or username, any ideas.

Shanx,
have you thought about a forum? it is hard reading such long posts (nothing against the persons), for me anyway.

Please, post ONLY the relevant points in your solutions guys and gals. This makes it easy to evaluate, the usefulness and accuracy, and also makes easy reading.

I am really sorry for any disruption. If admin wants to take it off, no problem. But if any body knows the problem please do let me know. thanks

Your problem Shumam lies here (look at the arrows —>). You have given rights, but in the alias taken it away also. This should be corrected, either None or All.
——— SNIP ———
DocumentRoot “/web tools/machine_reporter/”
AccessFileName ht.acl .htaccess

AllowOverride All —> Allow All
Options None
Order deny,allow

Alias /machine_reporter/ “C:/web tools/machine_reporter/”

Options MultiViews
AllowOverride None —> Allow None for the same folder.
————- SNIP —————

tips:
- Check your Error_Log file in “c:/web tools/logs”. The answer is always in there.
- try not to use spaces in the names of folders (“web tools” should be “web_tools”), this is better.

reply:
Notice I did not correct it for you? I wanted you to get use to searching and correcting errors(I presume you are a Admin). Trust me, this is the best way, and incase it doesnot work, you have a start where and how to look.

I did not mean it like it sounded above, I apologise.

Shumam forget the crap from above(if that’s not working)the error Forbidden is because you do not have an index.html, index.php etc. file in the secure folder. People, do y’all remember this setting in your htconf file? -Indexes

This means noone is allowed to browse the folder when there is no index file. So, create an index file in the secure folder, tada!!.

That works! thanks

Thanks for providing this great tutorial. Its so much easier following examples than just reading about features without seeing them applied in a context! Good on you mate;)

I am not prompted for any file names can you look at this and see what I did wrong. thanks

DocumentRoot “D:/Program Files/Apache Group/Apache2/htdocs”

Options FollowSymLinks
AllowOverride None

Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all

UserDir “My Documents/My Website”

AllowOverride ALL
Options None
Order deny,allow

AllowOverride ALL
Options None
Order deny,allow

DirectoryIndex index.html index.html.var
AccessFileName .htaccess

Order allow,deny
Deny from all

TypesConfig conf/mime.types
DefaultType text/plain

MIMEMagicFile conf/magic

This tute was just what I needed, had spent nearly 1 week trying to make .htaccess run locally like it does on my server, no joy atall ti’l I used this method of creating the password file, also using the .htacl extension if the appache httpd file helped I think, muchos thankos for this. regards.

Sean

Thanks for providing this great tutorial.

Thanks,

Finally made it work - but the process was complicated by the existance of “Virtual Hosts” on my server. And that part is not covered here.

In another set of instructions (somewhere), I remember vaguely, that entries are to be made into that virtual hosts section, if that’s where the portion of the server and host to be secured is located. Nothing worked (no username/password challenge) until I added lines to the main Httpd.conf section just under “AccessFileName .htaccess” line up there.

Anyway, I got quite confused over all this and would appreciate some specific instructions when “Virtual Hosts” is involved.

Thanks,

Brian

Great tutorial, but i can’t get it to work properly, have tried several things with various results, right now it doesn’t ask for a password.

Could anyone please help me?

jkue nailed it….I had the same access problem (forbidden) until I added the index file to the directory that was protected. Otherwise the tutorial is excellent.

I found the apache manual to be sufficent for instructions on .htaccess and what to do, even for the beginner like me

Hi,
This tutorial is really wonderful.I have gone through the steps and implemented the steps as stated by you. but i do not get any pop-up window asking for username and pswd.
I am using Win2k with apache server.

If anyone thinks its insecure to send your unencrypted password over, and over again to the website use these settings:

———————-
.htaccess
———————-
AuthType Digest
AuthDigestFile /u/soft/www/secure/.htpasswd
authname “Secured Login”
———————-

This setting will enctrypted your password (MD5) before sending it to the website. Mind this: the data send/received are not encrypted!

What is the use of this:
When you receive a 401 error, you a promt to login. When you do, your browser will remind your password so the next page will not promt you again. But your browser will log you in automatically.
You don’t mind, but your password will be send over-over and over again unencrypted over the internet.
A simple network sniffer could receive your internet traffic and retreive your password.
This setting will make that a bit harder to do.

Mind this: Older browsers might not support this feature (IE 4.0&lower).

TeDaDeS, where do you put this code?
AuthType Digest
AuthDigestFile /u/soft/www/secure/.htpasswd
authname “Secured Login”

i tried putting it in ht.acl and when i tried to access the site, the broswer gave me an error saying that “The server encountered an internal error or misconfiguration and was unable to complete your request.”

any help please

Does the paths work on long file name?

superb tutorial!

to those who had problem please try this tutorial as it is first.

u will much understand the flow and easier when you want to try your own setting.

one more thing to remember, try change to this setting in the IE > Tools > Internet Option > Temporary Internet Files > Choose every visit to the page.

I managed to setup my own htaccess. It works fine if i restart apache(after make adjustment to httpd file) & reload IE but fail when i click GO button. So the workaround to this problem is as above. (“Choose every visit to the page”).

Good luck!

Thanx for this wonderful tutorial! Bravo!

I haven’t see anything about the fact apache usually forbid all user to access .ht files. If you decide to use anything else than .htaccess like :

AccessFileName foo.txt

You should change this in httpd.conf :

Order allow,deny
Deny from all
Satisfy All

According to this it also mean that you can place your password.txt in the same folder than .htaccess and rename it to .htpasswd or .htanything_you_want. Nobody will be able to get it.

In the case of foo.txt I guess the following should work:

Order allow,deny
Deny from all
Satisfy All

password file can be something like foo.txtpasswd

My error log shows

“[Sat Feb 19 00:13:00 2005] [alert] [client 218.212.23.129] C:/Program Files/Apache Group/Apache2/htdocs/phpmyadmin/.htaccess: AuthUserFile takes 1-2 arguments, text file containing user IDs and passwords”

the passwd.txt is in C:/Program Files/Apache Group/Apache2/bin/ already but it seems it’s returning an error saying it’s not. Why?

I’m trying to protect C:/Program Files/Apache Group/Apache2/htdocs/phpmyadmin/

hey this might be stupid but I dont know the answer, and you guys seem to know a lot about it. Everything i have is working fine, the tutorial for everything worked great. but i dont know what it should look like in my passwd.txt file. I know the username and pass goes in there, but ive tried to put

username cat
password dog

and nothing works. plus im sure its not encrypted, should I worry about that and if so ,what should I do about it?

pauly

Ok, I just posted something, but I did the whole cmd prompt thing to encrypt the password in the passwd file and it worked, perfectly! but It wont let me in when I put in the info!

pauly

I have managed to set up htaccess on an externally hosted website but am having trouble setting it up on the local machine. I think my problem is with the directory setting in .htaccess.

The directory to be protected is:
C:\www\private
The password file is called passwds and is in the directory passwords, i.e.:
C:\www\private\passwords\passwds

My apache server is under:
C:\Program Files\PHP Home Edition 2\Apache2

Do I put in my AuthUserFile: “/private/passwords/passwds” (minus the “”),or;
“localhost/private/passwords/passwds”, or;
“C:/www/private/passwords/passwds”, or some other possibility that hasn’t occurred to me yet?

I have set the httpd.conf file to “AllowOverride All” for the directory C:/www, so the prompt box for login now shows up, but I suspect that it cannot find the passwds file which is why I cannot log in.

Any advice would be appreciated.

regards
Megan :o)

Great, Works just fine ! thanks for all .

Resime:
XP, Apache 1.3
1)
Create passwords file:
C:\oracle\splet\Apache\Apache\bin>htpasswd passwd.txt marko
Automatically using MD5 format on Windows.
New password: *****
Re-type new password: *****
Adding password for user marko

… and so on, for adding new users… (without -c) Password for my marko is: marko

2)Under htdocs create directory: safe_dir

Open Notepad, write:
AuthUserFile c:/oracle/splet/apache/apache/bin/passwd.txt
AuthType Basic
AuthName “Safe dir 1”
Require user marko metka

Save as ht.acl into the safe_dir

3)
Open httpd.conf and find and change:

# This controls which options the .htaccess files in directories can
# override. Can also be “All”, or any combination of “Options”, “FileInfo”,
# “AuthConfig”, and “Limit”
#
##AllowOverride None —comment it out
AllowOverride All

4)
Create test.htm and save it in safe_dir

5)
Run Appache, test access to the test.htm

Why original manual above did’t work on my PC:
I create ht.acl instead of .htaccess
I create passwd.txt instead of passwords

regards
Igor

Hi there,

I’ve been trying to protect access to a folder following the steps explained in the tutorial, but the problem now is that I can still access the folder using my explorer. There’s no box asking me for y username and passwd…

I did the following:
- In my http.conf file, I added the following:

AccessFileName .htaccess

AllowOverride All
Options None
Order deny,allow

I created the passwd.txt file in the folder
D:\Program Files\Apache Group\Apache2\bin

After that I created the .htaccess file containing the following info:

AuthUserFile “d:/Program Files/Apache Group/Apache2/bin/passwd.txt”
AuthName “This is my secret area”
AuthType Basic

require valid-user

I saved this file in the following folder:

d:/Program Files/Apache Group/Apache2/htdocs/secure

After that I stopped Apache and started it again.
I opened my browser, typed in ‘localhost/secure’.
The content in this folder was displayed.

How can I solve this problem?

Thanks,
Tom

Hello,
I set up authentication on my site using your tutorial and I thank you very much. however I have a question. I set up authentication on my machine running Apache 1.3.33 and it works perfectly. I tried to set it up on my friends machine running Apache 1.3.27 and it only partially works. I copied all the settings from my machine to his and set up the aliases. When you try to go directly to the restricted file ‘modify.pl’, you are asked for a username and password. However if you click on a link from the current page to ‘modify.pl. you are not prompted for a username and pass. Does anyone have an idea? Is this a bug with that version of apache and url re-directing? Any help would be nice…here is my config set up:

httpd.conf:

AccessFileName ht.acl

ScriptAlias /cgi/ “C:/computers/cgi/”


AllowOverride All
Options ExecCGI
Order deny,allow
Allow from all

ht.acl file:
AuthUserFile C:/computers/passwd.txt
AuthName “Enter user name to Edit”
Authtype Basic

require valid-user

and my password file is located C:/computers/passwd.txt

This works fine if i go directly to the page or if i go using a link on my Installation, but it doesn’t ask for authentication on my friends when re-directed from another page. Anyone have an idea?
Thanks Alot and great tutorial,
Alex

Hey, I have followed this great tutorial but I was unsuccessful. I get to the password prompt, but I can’t get past that. I have an index.html as well.

can you do any formatting of that password popup window? change the font? multiple lines? images?

Dear Sir,

I was stuck in my office for this reason, i was not able to do make password protected directory on client’s site. i got this page from google and i tried, hoooray it is fantastic i done it. thank you for CEO, developers…of this site. and i m very glad to see the Indian name below this page Mr. Shashank Tripathi as as Indian. Thanks a lot to everybody there.

Thanks & Rgds,
Sameer Pal Singh
sameerpalsingh@rediffmail.com

I must agree this is an awesome post and was very helpful. I followed the steps although once everything was complete and I went to see if it would asking me for username and password it didn’t. Im not sure what’s exactly wrong. Im running windows 2000 and apache 2.0.53 If someone might be able to point out what’s wrong that would be great.

Excellent tutorial. I followed your instructions and it worked first time perfectly on my WinXP machine.

I’d been searching for a good explanation of how to do this for some time and this one actually did the trick.

Thank you!

Thanks, this one really helped, I did know how to protect the directory in other webspaces, but this one showed me what to do with the apache conf on my own web server

Dude thanks very much for this very imformative + view of the created .acl files is a great advantage. Just out of interest how secure is using this method?

Great writeup! However, I noticed with Apache2, Apache uses the “httpd.default” .conf file instead of the httpd one. I don’t know if this is just me, but just thought I’d share, because I was having fits getting it to work until I realized this.

thanks for that very detailed tutorial!
got my server protected very quickly!

Cheers for the easy-to-follow instructions.

I have managed to get the thing working, but I have to enter the username/password twice, in identical login windows, before Apache will let me in. Not a serious problem but a minor irritation that I would like to deal with if anyone can help.

I have do like your instruction with Apache 2.0.55 but can not ! when I log in to http://localhost everything as normally without password protecd ! Could you please help me !

Thanks.

Having some trouble.
running Win xp pro service pack 1

.htaccess file looks like this

AuthUserFile C:/Apache Group/Apache2/bin/.htpasswd
AuthName “Members Area”
AuthType Basic

required Valid-user

config file looks like this

AccessFileName .htaccess

AllowOverRide All
Options None
Order deny,allow

When I try to test it , it gives me a 500 internal error

Can anybody help

Email: ghost1@nctv.com
subject .htaccess

thanks in advance

In the .htacces file I have:

AuthUserFile D:\streznik\www\reiki.htpasswd
AuthName “Members”
AuthType Basic

require valid-user

and in the .htpasswd I have:

admin:$apr1$Qh/…..$zBrg27pYbkwKIWypvMQQ6.

Created by command prompt :
htpasswd -c -b .htpasswd admin test

it gives me 500 internal error with the comment in the error log:

d:/streznik/www/reiki/.htpasswd: Invalid command ‘admin:$apr1$Qh/…..$zBrg27pYbkwKIWypvMQQ6.’, perhaps mis-spelled or defined by a module not included in the server configuration

Directorz settings:

DocumentRoot “D:\streznik\www\reiki”
ServerName reiki.petyasfreeworld.com

# Other directives here

AllowOverride AuthConfig
Options None
Order deny,allow

I also tried with AllowOverride All, but nothing changed.

I have Apache 1.3 on Windows 2000. It’s pretty rare configuration and I’m not sure that .ht files works there. Can you help me? I would like to stay on this configuration, because I’m not familiar with *nix systems.

Please help.

I’ve have many of the same “Forbidden” errors you have all had. Finally figured it out. I assume most of you are viewing Directory Indexes…

So

You need to have the following instead:
AllowOverride All
Options Indexes None
Order deny,allow

Without “Indexes” you will lose access to the directory views once you login.

Hi ,

I tried with the above tutorial . I found internal server error.When i checked my error log i found follwing statements:

/stage/app/reportsdata/.htaccess: Invalid command ‘AuthUserFile’, perhaps mis-spelled or defined by a module not included in the server configuration.

As i am sure AuthUserFile is not mis-spelled . The 2nd one tells about the required module. If anybody has any idea on this module please help me out.

Thanks Shashank.

Now i am getting the username and password pop up.When i am giving the username and password as i have created in the passwd.txt file, it failed.I tried all the steps once agin but the found no result.Can You suggest something.

Top tutorial! I have been trying to get this htaccess thing working for several weeks now, but nothing worked. The very first time I did things according to this tutorial it worked right on! Great!

Thanks!

Thanks for all, this tutorial is very easy, and good, i am not use .htacces all configuration in the config file httpd.conf

: = )

Thanks a lot for your succint and precise help.

Hi Shashank,
I’ve got Apache 2/php5/mysql5 running on Windows 2003. I ‘m interested in creating websites for each of our staff members—say about 50 users. These websites will not be publicly available, they will mirror websites on our public website, and once the information has been approved the files will be transferred to their duplicate public sites by the administrator.

My question, is this htaccess authentication method the way to password protect these “not public” directories? I’ve got a basic understanding of namevirtualhosts but I’m very confused on how to set-up Apache for multiple users with different passwords. And if possible, I’d like it to be setup so that these folks can use their existing network passwords.

Any assistance or direction you can provide would be GREATLY appreciated, I’m googled out and I still don’t know what approach to take.
Lsa

I have followed the step which you have given i am getting the window asking for the username and password, i have given the username and password that i have created on passwd.txt also created ht.acl file inside the secure folder

My problem is login cardinels are not validating pls advise me for the same

Hi guys, i followed the tutorial, and i think im doing exactly as it says, but it doesnt work, the password box is not prompting.

here is my htaccess file

AuthUserFile “c:/apache2/bin/passwd.txt”
AuthName “lalalal”
AuthType Basic

requiere valid-user

hii frend i have try it but when i restart the apache still zero ,no change i use windows 2000 profesional,
and this configuration
Apache(1.3.23),
MySQL(3.23.48)
PHP(4.1.1).
any body help me

Thank you for the quick-manual! Helped me get the .htaccess to work also in Windows! Tooks some loooooongs nights to tweak this out

One thing that was keeping me unsuccessfull was that I used those long filenames in the paths, e.g.

C:\Program Files\Apache Software Foundation\Apache2.2\htdocs

but after changing them all (including the path to the password file) to “DOS-Friendly” the system started to work without any problems - e.g.

C:/PROGRA~1/APACHE~1/Apache2.2/bin/.htpasswd

Just a thank you. It works as described for.

Thanks alot Marco

Nice tutorial, but I have one problem. I configured my Apache and now all my sites get an 403 error and at no one a prompt to login.

I can get the Apache challenge box to come up, but it does not accept my password, but keeps popping up the challenge box.

This also occurs when I pop up the challenge box directly, that is, without having an .htaccess file:

The problem is that when I add the login and password, there is no $_SERVER[PHP_AUTH_USER] or $_SERVER[PHP_AUTH_PW]. I can confirm that by commenting out the lines above, inserting:

print_r($_SERVER);

and submitting the Apache challenge box. The display of print_r does not include variables for PHP_AUTH_USER or PHP_AUTH_PW.

I’m using Apache 2.0 and PHP 5.1.4

I answer my own question:

The box that I was working on had PHP installed as a CGI executable. When you load PHP as a module, as indicated in the tutorial, it works, even on Windows.

Thank you very much! This worked fine on my WinXP Home w/ Apache 2.2.2, PHP 5.1.4, i.e. 6, Firefox 1.5. all on my humble little notebook. I am amazed this thread is over 3 years old. Thanx for sticking with it and helping all of us either getting back on board or just breaking in!

nice tutorial

but my username and password is not working. it just say ur not authorised.

thank you man!!!! you really help me with this small tutorial.everything working great.

i have problem with forbidden erros

and I check my logs error

here it is
[Wed Aug 02 11:36:47 2006] [error] [client 127.0.0.1] File does not exist: C:/Apache2/htdocs/favicon.ico, referer: http://localhost/

where do i get favicon.ico

please help

Hi,

Can somebody help me with my problem. I created one of those web sites that will ask you for your pass word on Windows. However, when I enter the password, it looks like that the pass word is not recognized. I am not sure what I am doing wrong.

Thanks for your help.

Hi,

I keep getting an “Internal Server error” . Other pages on my webserver can be accessed but this error shows when i try to access the ‘secure’ folder.
My .htaccess file is exactly the same as in the steps above.

Any advice will be much appreciated.

Ricky.

I followed the instructions to the letter and still get a “500 Internal Server Error” when I tried to access the “secure” folder. Error file shows the following line:

[alert] [client 192.XXX.XXX.X] C:/Program Files/XXXXXXXXXXX/ht.acl: AuthUserFile takes 1-2 arguments, text file containing user IDs and passwords

Running Apache 2.0.55 with PHP 4.4.3 installed on a Win2k Server box. The passwd.txt file in the /bin/ contains my chosen username and the encrypted password.

Hello, I am trying to get password protection working on my apache windows 2000 system.
I have followed everything exactly as the tutorial and read many other web help pages, however I only get “403 forbidden you are not authorised to view this page” errors when I try to enter the password protected folder.

My config file is uploaded here: http://www.bphprint.co.nz/config.txt

My htaccess file is uploaded here:
http://www.bphprint.co.nz/htaccess.txt

Can someone please help me out. PLEASE SOMEONE help me. I have been trying for hours.

This tutorial is fabulous, It works for me. Thanks for all the great effort to depict things so nicely

hi. i’m from lima peru. interesting the manual.

Hey! I’ve solved this problem!!! I just had to skip the step 4. Now everything works just perfect! Thanks for the tutorial!

Great tutorial, but couldn’t get it to work - kept denying my username/password … until I read down the comments and found Dave’s post some 15 months ago:

“I’ve have many of the same Forbidden errors you have all had. Finally figured it out. I assume most of you are viewing Directory Indexes.
So you need to have the following instead:
AllowOverride All
Options Indexes None
Order deny,allow
Without “Indexes” you will lose access to the directory views once you login.”

Yes, I was viewing directories and this fixed it for me. In the httdp.conf, “Options None” needs to be changed to “Options Indexes None”.

Thanks Dave for resolving this for me - and thanks to whoever is responsible for keeping this thread open for so long!

ok i got the pass word working and all but i enterd it in wrong one time and now it wont let me enter it agin and it says forbeden every time i try to here is what the error log says hope u can help
[Fri Apr 27 00:22:58 2007] [error] [client 127.0.0.1] Directory index forbidden by Options directive: C:/Apache2.2/htdocs/pass/, referer: http://localhost/

p.s i know my english is bad

Ive set up an Apache2 server on my WinXP home machine. its all goodie until i want to access my /secure folder. then i get a user/password request window. but it wont accept my user login. after 3 tries i get “Authorization Required” message. plz help. ive tried everything thats been said until this post =)

For those who do NOT get a user/pass window:

Make sure that you set “AllowOverride” to “All” instead of “None” inside httpd.conf (not just in .htaccess). The “AllowOverride” setting might occur a couple of times, so make sure you set all that are needed. For example the “AllowOverride” settings in the directive

and

Nice guide. Took me a little while to figure out that this just doesn’t work with when trying to access index directory listing. You must point to a specific page or file or else you will get a restricted error.
Few have posted fixes for this with a simple change in the conf file, but for my need, just including an index.html file. That is all I wanted in the first place.