Windows, Apache and .htaccess authentication

Written by Shanx May 26th, 2003


It is quite simple to use .htaccess on Windows. Simple instructions with screenshots here.

These are quick instructions for enabling password authentication on Windows using Apache (and here’s a link if you wish to RTFM). Given that you are busy folks, they are meant only to get it working on Windows.

Some things to know beforehand:

  1. Path to your Apache server (e.g., c:\apache)
  2. Path to your CONF folder (e.g., c:\apache\conf)
  3. Path to your DOCROOT folder (e.g., c:\apache\htdocs)
  4. Path to the folder you wish to password-protect. In my
    example, let’s take a folder called “secure”, so the path to this
    would be “c:\apache\htdocs\secure”. (It could be ABOVE the htdocs
    folder as well, FYI).

Ok, let the show begin:

  1. Open up your httpd.conf. (On my machine this is at
    “c:\apache\conf\httpd.conf”).
  2. Look for the word “AccessFileName”. I believe there
    should be a line like this:

    AccessFileName .htaccess
    

  3. If you use Windows 2000 or above, then move on to step 4
    (because you can create files like “.htaccess” on your system, which
    do not have anything before the dot in the filename). If not, then
    change this line to the following:

    AccessFileName ht.acl .htaccess
    
  4. Then, we need to add the directory to the configuration.
    Instead of rattling on about how to do it, here is a
    screenshot:

    [Screenshot: This is what the HTTPD.CONF should look like.]

    Please note that “/apache” in the directory path means that it
    starts from the root drive on my machine (“c:”). Adjust
    accordingly.

  5. Our httpd.conf is done. Now we need to create the password
    file. Open up a DOS prompt and go to Apache’s BIN directory. In
    my case, it is “c:\apache\bin”. Anyway, again, I think a screenshot
    is more helpful.

    [Screenshot: Instructions for creating the password file]

  6. Now, we need to create the HTACCESS file itself. As per point 3
    above, either create a “.htaccess” or a “ht.acl”, whichever suits
    you. I will keep my example to “ht.acl” because this works on
    ALL Windows systems if they use Apache 1.12…or above. Here is
    what this looks like.

    c:\apache\htdocs\secure\ht.acl
    

  7. Save the above file into your SECURE folder because it
    represents only that folder context.
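
An added example, not part of the original tutorial: a small Python linter for the ht.acl / .htaccess file from step 6. It flags an unquoted AuthUserFile path containing spaces, a misspelled directive, and a password file stored under the DOCROOT. The sample files, the `lint_acl` name and the short directive allowlist are assumptions made for illustration.

```python
import ntpath
import shlex

REQUIRED = ("authtype", "authname", "authuserfile", "require")
# Deliberately small allowlist for this tutorial's auth file (an assumption).
KNOWN = set(REQUIRED) | {"authgroupfile", "order", "allow", "deny", "satisfy", "options"}

# Constructed samples (not from the page): a working file for the tutorial's layout,
# and one with an unquoted path containing spaces plus a misspelled directive.
GOOD_ACL = '''AuthType Basic
AuthName "Secure area"
AuthUserFile "c:/apache/bin/passwd.txt"
Require valid-user
'''
BAD_ACL = '''AuthUserFile C:/Program Files/Apache Group/Apache2/bin/passwd.txt
AuthName "Secure area"
AuthType Basic
requiere valid-user
'''


def _norm(path):
    # ntpath applies Windows rules on any OS: case-insensitive, "/" equals "\"
    return ntpath.normcase(ntpath.normpath(path))


def lint_acl(text, docroot):
    """Return a list of problems in the text of an ht.acl / .htaccess file."""
    problems, seen = [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # shlex treats "\" as an escape; Apache accepts "/" in Windows paths
            name, *args = shlex.split(line.replace("\\", "/"))
        except ValueError:
            problems.append(f"line {no}: unbalanced quote")
            continue
        key = name.lower()  # directive names are case-insensitive
        if key not in KNOWN:  # a real typo here makes Apache answer 500
            problems.append(f"line {no}: unknown directive '{name}'")
            continue
        seen[key] = args
        if key == "authuserfile" and len(args) != 1:
            problems.append(f"line {no}: AuthUserFile needs one path; quote it if it has spaces")
    problems += [f"missing directive: {k}" for k in REQUIRED if k not in seen]
    pw = seen.get("authuserfile", [])
    if len(pw) == 1:
        path, root = _norm(pw[0]), _norm(docroot)
        if path == root or path.startswith(root + "\\"):
            problems.append("password file is inside the document root")
    return problems


if __name__ == "__main__":
    for label, acl in (("good", GOOD_ACL), ("bad", BAD_ACL)):
        print(label, lint_acl(acl, r"c:\apache\htdocs"))
```

Keeping the password file outside the DOCROOT, as step 5 does with “c:\apache\bin”, means the web server never serves it as content.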

READY TO ROLL! (I restarted my Apache, just in case). Here is
what happens when I try to access my folder from the browser:

151 Comments

  1. Mangal says:

    Hi,

    I tried with the above tutorial. I found internal server error. When I checked my error log I found following statements:

    /stage/app/reportsdata/.htaccess: Invalid command ‘AuthUserFile’, perhaps mis-spelled or defined by a module not included in the server configuration.

    As I am sure AuthUserFile is not mis-spelled. The 2nd one tells about the required module. If anybody has any idea on this module please help me out.

  2. sniptools says:

    Mangal– in the modules section of your httpd.conf, is the following module enabled (does not have the hash sign at the beginning of the line) — mod_auth_db? Shashank

  3. Mangal says:

    Thanks Shashank.

    Now I am getting the username and password pop up. When I am giving the username and password as I have created in the passwd.txt file, it failed. I tried all the steps once again but found no result. Can you suggest something?

  4. sniptools says:

    If the password isn’t working, your password file is either being saved in the wrong place, i.e., it is not consistent with the path in the ht.acl (under the section “AuthUserFile”), or you are entering the password incorrectly.

  5. VincentT says:

    Top tutorial! I have been trying to get this htaccess thing working for several weeks now, but nothing worked. The very first time I did things according to this tutorial it worked right on! Great!

    Thanks!

  6. Mauricio García says:

    Thanks for all, this tutorial is very easy, and good. I am not using .htaccess, all configuration in the config file httpd.conf

    : = )

  7. Jérémie says:

    Thanks a lot for your succinct and precise help.

  8. Lsa says:

    Hi Shashank,
    I’ve got Apache 2/php5/mysql5 running on Windows 2003. I’m interested in creating websites for each of our staff members–say about 50 users. These websites will not be publicly available, they will mirror websites on our public website, and once the information has been approved the files will be transferred to their duplicate public sites by the administrator.

    My question, is this htaccess authentication method the way to password protect these “not public” directories? I’ve got a basic understanding of namevirtualhosts but I’m very confused on how to set-up Apache for multiple users with different passwords. And if possible, I’d like it to be setup so that these folks can use their existing network passwords.

    Any assistance or direction you can provide would be GREATLY appreciated, I’m googled out and I still don’t know what approach to take.
    Lsa

  9. shajil says:

    I have followed the step which you have given. I am getting the window asking for the username and password. I have given the username and password that I have created on passwd.txt, also created ht.acl file inside the secure folder.

    My problem is login credentials are not validating. Pls advise me for the same.

  10. Petrucci says:

    Hi guys, I followed the tutorial, and I think I’m doing exactly as it says, but it doesn’t work, the password box is not prompting.

    here is my htaccess file

    AuthUserFile “c:/apache2/bin/passwd.txt”
    AuthName “lalalal”
    AuthType Basic

    requiere valid-user

  11. Yayan says:

    Hi friend, I have tried it but when I restart the Apache still zero, no change. I use Windows 2000 Professional,
    and this configuration
    Apache(1.3.23),
    MySQL(3.23.48)
    PHP(4.1.1).
    Anybody help me

  12. Marco says:

    Thank you for the quick-manual! Helped me get the .htaccess to work also in Windows! Took some loooooong nights to tweak this out :-)

    One thing that was keeping me unsuccessful was that I used those long filenames in the paths, e.g.

    C:\Program Files\Apache Software Foundation\Apache2.2\htdocs

    but after changing them all (including the path to the password file) to “DOS-Friendly” the system started to work without any problems – e.g.

    C:/PROGRA~1/APACHE~1/Apache2.2/bin/.htpasswd

  13. Sander Thalen says:

    Just a thank you. It works as described for.

  14. Chris says:

    Thanks a lot Marco

  15. Alexander de Boer says:

    Nice tutorial, but I have one problem. I configured my Apache and now all my sites get a 403 error and on none of them a prompt to login.

  16. newjim says:

    I can get the Apache challenge box to come up, but it does not accept my password, but keeps popping up the challenge box.

    This also occurs when I pop up the challenge box directly, that is, without having an .htaccess file:

    The problem is that when I add the login and password, there is no $_SERVER[PHP_AUTH_USER] or $_SERVER[PHP_AUTH_PW]. I can confirm that by commenting out the lines above, inserting:

    print_r($_SERVER);

    and submitting the Apache challenge box. The display of print_r does not include variables for PHP_AUTH_USER or PHP_AUTH_PW.

    I’m using Apache 2.0 and PHP 5.1.4

  17. newjim says:

    I answer my own question:

    The box that I was working on had PHP installed as a CGI executable. When you load PHP as a module, as indicated in the tutorial, it works, even on Windows.

  18. relay_denied says:

    Thank you very much! This worked fine on my WinXP Home w/ Apache 2.2.2, PHP 5.1.4, i.e. 6, Firefox 1.5. all on my humble little notebook. I am amazed this thread is over 3 years old. Thanx for sticking with it and helping all of us either getting back on board or just breaking in!

  19. anand says:

    nice tutorial

    but my username and password is not working. It just says ur not authorised.

  20. vita says:

    Thank you man!!!! You really help me with this small tutorial. Everything working great.

  21. thienhat says:

    I have problem with forbidden errors

    and I check my logs error

    here it is
    [Wed Aug 02 11:36:47 2006] [error] [client 127.0.0.1] File does not exist: C:/Apache2/htdocs/favicon.ico, referer: http://localhost/

    Where do I get favicon.ico?

    please help

  22. Habib says:

    Hi,

    Can somebody help me with my problem? I created one of those web sites that will ask you for your password on Windows. However, when I enter the password, it looks like the password is not recognized. I am not sure what I am doing wrong.

    Thanks for your help.

  23. Ricky says:

    Hi,

    I keep getting an “Internal Server error”. Other pages on my webserver can be accessed but this error shows when I try to access the ‘secure’ folder.
    My .htaccess file is exactly the same as in the steps above.

    Any advice will be much appreciated.

    Ricky.

  24. Dan W says:

    I followed the instructions to the letter and still get a “500 Internal Server Error” when I tried to access the “secure” folder. Error file shows the following line:

    [alert] [client 192.XXX.XXX.X] C:/Program Files/XXXXXXXXXXX/ht.acl: AuthUserFile takes 1-2 arguments, text file containing user IDs and passwords

    Running Apache 2.0.55 with PHP 4.4.3 installed on a Win2k Server box. The passwd.txt file in the /bin/ contains my chosen username and the encrypted password.

  25. phil says:

    Hello, I am trying to get password protection working on my apache windows 2000 system.
    I have followed everything exactly as the tutorial and read many other web help pages, however I only get “403 forbidden you are not authorised to view this page” errors when I try to enter the password protected folder.

    My config file is uploaded here: http://www.bphprint.co.nz/config.txt

    My htaccess file is uploaded here:
    http://www.bphprint.co.nz/htaccess.txt

    Can someone please help me out. PLEASE SOMEONE help me. I have been trying for hours.

  26. Neo says:

    This tutorial is fabulous, It works for me. Thanks for all the great effort to depict things so nicely

  27. espido says:

    Hi. I’m from Lima, Peru. Interesting the manual.

  28. TNT says:

    Hey! I’ve solved this problem!!! I just had to skip the step 4. Now everything works just perfect! Thanks for the tutorial!

  29. David says:

    Great tutorial, but couldn’t get it to work – kept denying my username/password . . . until I read down the comments and found Dave’s post some 15 months ago:

    “I’ve have many of the same Forbidden errors you have all had. Finally figured it out. I assume most of you are viewing Directory Indexes.
    So you need to have the following instead:
    AllowOverride All
    Options Indexes None
    Order deny,allow
    Without “Indexes” you will lose access to the directory views once you login.”

    Yes, I was viewing directories and this fixed it for me. In the httpd.conf, “Options None” needs to be changed to “Options Indexes None”.

    Thanks Dave for resolving this for me – and thanks to whoever is responsible for keeping this thread open for so long!

  30. joe says:

    OK, I got the password working and all, but I entered it in wrong one time and now it won’t let me enter it again and it says forbidden every time I try to. Here is what the error log says, hope u can help
    [Fri Apr 27 00:22:58 2007] [error] [client 127.0.0.1] Directory index forbidden by Options directive: C:/Apache2.2/htdocs/pass/, referer: http://localhost/

    P.S. I know my English is bad

  31. donvoni says:

    I’ve set up an Apache2 server on my WinXP home machine. It’s all goodie until I want to access my /secure folder. Then I get a user/password request window, but it won’t accept my user login. After 3 tries I get “Authorization Required” message. Plz help. I’ve tried everything that’s been said until this post =)

  32. Jesse says:

    For those who do NOT get a user/pass window:

    Make sure that you set “AllowOverride” to “All” instead of “None” inside httpd.conf (not just in .htaccess). The “AllowOverride” setting might occur a couple of times, so make sure you set all that are needed. For example the “AllowOverride” settings in the directive

    and

  33. Arial says:

    Nice guide. Took me a little while to figure out that this just doesn’t work when trying to access index directory listing. You must point to a specific page or file or else you will get a restricted error.
    Few have posted fixes for this with a simple change in the conf file, but for my need, just including an index.html file. That is all I wanted in the first place.

  34. Yuvaraj says:

    Thanks a million mate.. this guide helped me a lot to complete my assignment :)

    thanks again

  35. Gaurang says:

    Shashank,

    I have the same problem with my website protection. Entering correct user name and password gives me FORBIDDEN message.

    Please advise me which part of httpd.conf would you like to see. I can show it to you.

    Thx
    GNP

  36. Gaurang says:

    Shashank,

    Really a nice tutorial. Got it perfectly but after applying all the settings now getting forbidden message. Same problem occurred many times above with others so I guess I will surely get solutions sooner.

    Thx.
    GNP

  37. Gaurang says:

    Hello,

    Getting the same error msg FORBIDDEN. Done everything correctly as instructed above.

    Please help. Thx in advance.

    GNP

  38. TheAce says:

    Hi!, I’m using Windows Vista Ultimate with Apache 2.2.3 + PHP 5.2.4 and I have a warning to say:
    Inside the .htaccess the passwd.txt PATH must be declared with ” “

  39. Hall says:

    Hi,

    This works fine on my laptop with xp/apache

    But when I do exactly the same with the right steps and paths on the computer of a friend with apache/xp then apache service fails to restart !!!

    Do you have any idea what the problem might be?

    Regards from Holland,

    Hall

  40. BitchX says:

    Hall – you need to check the apache error log, and the windows application log and it will show you the answer.

  41. Tony says:

    I googled for a full day trying to get this right. Wish I would’ve found this page first! Thanks a million!!!!!

  42. Alper ÖZCAN says:

    A lot of things (like .htaccess problem in Windows Server, httpd.conf AllowOverride string etc.) have been a problem for me for a while.

    But I googled around the world. Only this page & some comments help a lot!

    Big thank you “sniptools”! I like you!

  43. tcassio says:

    Hello,
    I have a problem and can’t find the answer anywhere, maybe you can help.
    First:
    I am running the latest version of XAMPP setup on a windows XP machine.
    I have htaccess working okay. I generated the passwords using the htpasswd.exe file in the Apache/bin folder.

    Here is my problem.
    I was looking for a web based manager to manage users. The ones I have tried all have been PHP based. The problem is that the passwords that are generated through PHP are different than the ones created using the htpasswd.exe file in the Apache/bin folder. As a result when I am prompted to login the passwords do not work.

    It appears that the password that is entered at the login prompt is different than those created thru PHP.

    Is there a setting in Windows that is causing this?
    Is there something that I need to set in PHP to fix this?

  44. Thanks you but i am find to who to active htaccess file on apache web server on windows server. Please help to this subject :S

  45. Shawn says:

    Great tutorial. I am however getting a similar error message that Mangal got. I am getting an invalid command “AuthUseFile” message. I checked my .conf file and found that

    LoadModule auth_basic_module libexec/apache22/mod_auth_basic.so

    is uncommented. Any ideas?

  46. andie says:

    I’m trying to overwrite the file httpd.conf but it won’t let me… It says I don’t have the permission to save on it. What can I do?

  47. Karl Bishop says:

    Hi, thanks for the tutorial. I’ve just been doing this and it worked for restricting access to php/html files within ‘my secret area’, but for some reason I can still enter names of zip files into my address bar and Firefox will let me download them. Do you know how I can stop this?

  48. Lee Wright says:

    Thanks for the great tutorial, sniptools.
    I get as far as the username password dialog box, but, somehow not allowing access, if you will, please take a look at the .htaccess file and make any recommendations, please? thanks.
    Somehow I cannot find your email address.
    Please contact me lee@techsurgeongeneral.com
    and i will respond with the .htaccess file, thanks again.

  49. Tejas Tank says:

    this is such excellent document for system admin

    but i have problem

    that in my window server WAMP

    RewriteRule not working??

    i want that with win server

  50. Pallavan says:

    Working great in Windows Xp..
    Excellent
