QUESTION How to protect a test installation via htpasswd?
#1
Hi,

for testing purposes, I copied my existing GS installation into a subdirectory of the same server.

Now I would like to protect that whole subdirectory from search engines and from curious people with a password.

I tried it with an .htaccess entry and an htpasswd file, but when I do so and then try to call the address "www.domain.de/subdirectory" in the browser, I always get a "Sorry! page does not exist any more" page instead of a password question.

I tried this entry in the .htaccess file of the subdirectory: (at the beginning)


Code:
AuthType Basic
AuthName "Password please"
AuthUserFile "/home/user/public_html/subdirectory/pwpath/.htpasswd"
Require valid-user


and a corresponding .htpasswd file with username and encrypted password in it.

What did I do wrong?

Thank you,
Hypertexter
Reply
#2
First of all you have to contact support of your hoster, because every hoster
has its own way of handling password protected folders. That means that
even if you are doing everything right with a .htaccess file it still might not
work because of the hoster's own way of handling protected folders.

Things to check:

1) Did you create a correct hashed password that goes in the .htpasswd file?
     If you are not sure about that, use this service to create a hashed password:
     https://hostingcanada.org/htpasswd-generator/

2) Note for Security:

     The .htpasswd file goes inside a folder that should not be accessible by a visitor
     but only by Apache. Usually put the .htpasswd file above the web root.
     Usually you can access folders above the web root with your FTP;
     if not, contact your hoster support and they will do it for you.

3) Did you specify correctly the path to the .htpasswd file in the .htaccess file?

    The .htaccess file goes inside the folder or subdirectory you want to protect.
    The .htpasswd file goes inside a folder that should not be accessible by a visitor
    but only by Apache. Usually put the .htpasswd file above the web root.

4) Did you create a correct .htaccess file?
    Here is an example:

    AuthType Basic
    AuthName "Your own custom authorization required message."
    AuthUserFile /path/to/.htpasswd
    require valid-user
Reply
#3
Quote: First of all you have to contact support of your hoster

This was a direct hit. My hoster gives me a cPanel for configuring the webspace, and there I found a chapter for folder protection.

But: I switched it on and had the same effect as before with the .htaccess way: the sorry page.

I suppose it has something to do with the index.php file and perhaps with my specific .htaccess file. I have the rewrite engine on for URLs without .html and something like that.

Your points to check:

1. Yes, I created it with an online generator, and I could not even reach the password input page.

2. What do you mean by "goes inside a folder" and "put it above the web root"? The instructions I found all say the same, that the .htaccess file must be placed inside the folder which I want to protect.

3. Yes, I found out via a PHP file to show the path.

4. Yes, see my first post, but the path to the password file with "" around it.
Reply
#4
Quote: What do you mean by "goes inside a folder" and "put it above the web root"?

The web root is the level in your hosting tree from where the internet has access to your files (e.g. your website).
For security reasons the .htpasswd file should never be in the web root but always above the web root.
Check with your cPanel or your FTP if you can access folders above the web root, or contact your hoster support about this.
Reply
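
The checklist from posts #2 and #4 (required directives, AuthUserFile path, password file location, hash format), run as a check in Python. This is an added example, not part of the original thread: the names `check_protection` and `demo` are hypothetical, and the directory tree and the `.htpasswd` entry are constructed sample data.

```python
import os
import re
import tempfile

# Common htpasswd hash formats: bcrypt, apr1-MD5, {SHA}, 13-character crypt()
HASH_RE = re.compile(r"^(\$2[aby]\$.{56}|\$apr1\$.+|\{SHA\}.{28}|[./0-9A-Za-z]{13})$")
REQUIRED = ("authtype", "authname", "authuserfile", "require")

def check_protection(htaccess, web_root):
    """Return a list of problems found for one protected directory."""
    problems, seen = [], {}
    with open(htaccess) as fh:
        for line in fh:
            parts = line.strip().split(None, 1)
            if len(parts) == 2 and parts[0].lower() in REQUIRED:
                seen[parts[0].lower()] = parts[1].strip().strip('"')
    problems += [f"missing directive: {d}" for d in REQUIRED if d not in seen]
    pw = seen.get("authuserfile")
    if not pw or not os.path.isfile(pw):
        return problems + ([f"AuthUserFile not found: {pw}"] if pw else [])
    root, real = os.path.realpath(web_root), os.path.realpath(pw)
    if os.path.commonpath([root, real]) == root:
        problems.append("password file is inside the web root")
    with open(pw) as fh:
        for n, line in enumerate(fh, 1):
            user, sep, digest = line.rstrip("\n").partition(":")
            if line.strip() and not (sep and user and HASH_RE.match(digest)):
                problems.append(f".htpasswd line {n}: unrecognised hash format")
    return problems

def demo():
    """Check a constructed layout like the first post's, then a corrected one."""
    base = tempfile.mkdtemp()
    site = os.path.join(base, "public_html", "subdirectory")
    os.makedirs(os.path.join(site, "pwpath"))
    inside = os.path.join(site, "pwpath", ".htpasswd")
    outside = os.path.join(base, ".htpasswd")  # above the web root
    for path in (inside, outside):  # constructed sample entry in {SHA} format
        with open(path, "w") as fh:
            fh.write("tester:{SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M=\n")
    results = []
    for pw in (inside, outside):
        with open(os.path.join(site, ".htaccess"), "w") as fh:
            fh.write(f'AuthType Basic\nAuthName "Password please"\n'
                     f'AuthUserFile "{pw}"\nRequire valid-user\n')
        results.append(check_protection(os.path.join(site, ".htaccess"),
                                        os.path.join(base, "public_html")))
    return results
```

The check covers file layout and syntax only; it does not test how the hoster or the site's rewrite rules handle the authentication response.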



