What should have been a straightforward .htaccess password trick, has turned into a total nightmare x(

All that should be needed to password protect a directory
is an .htaccess file in that directory, which points to .htpasswd.

.htaccess code >


AuthUserFile /site/.htpasswd
AuthName "Enter Password"
AuthType Basic
Require valid-user

the .htpasswd file has all the correct user names and encrypted passwords,
and is in the same directory as .htaccess

All files on the website except index.html and content.html have been copied into a new directory named /site/
where .htaccess is located.

The password prompt activates perfectly as soon as the login button is activated on the content.html page
which directs to /site/menu.html, after entering the correct password;

Yet, for some reason I get an Internal Server Error message when trying to access any files in the /site/ directory,
even though the password is correct.

As soon as .htaccess is removed from the directory, then all files and pages within the directory are accessable again.

I'm at the end of my rope

Any ideas?

Thanks in advance!

Wild stab in the dark, but is a "handmade" .htpasswd file supported by your web host?

On one of my hosts, I can manually create an .htaccess file, BUT as soon as I try to manually create the .htpasswd file, I get a server error. Instead, I have to use the web host's control panel to generate their version of a .htpasswd file, and only that is supported.

Might be worth checking.

Wild stab in the dark, but is a "handmade" .htpasswd file supported by your web host?

On one of my hosts, I can manually create an .htaccess file, BUT as soon as I try to manually create the .htpasswd file, I get a server error. Instead, I have to use the web host's control panel to generate their version of a .htpasswd file, and only that is supported.

Might be worth checking.


Ahaa! I hadn't even thought of that.

I will contact the webhost (Namesco) and ask if manually created .htpasswd files are supported.

The webhosting included a pre-existing .htaccess file in a CHROOT jail, the root directory is /web/
and placing the .htaccess file in the root directory affects the whole site.

The .htpasswd file worked perfectly when both .htaccess and .htpasswd were in the root directory.

so it may be that manually created .htpasswd files will only work when .htaccess is located in root.

Namesco say they there is no control panel .htpasswd generator,
so a .htpasswd file has to be generated by some other means.

I used Htpasswd Generator Pro to create the .htpasswd file,
so I will try using an online generator and see if that works.


////UPDATE////

SUCCESS!!!

I found that the AuthUserFile path is relative, not absolute, since the site is using a CHROOT jail.
so if it's in the same directory, the path must be: AuthUserFile .htpasswd


AuthType Basic
AuthName "Login"
AuthUserFile .htpasswd
Require valid-user

I no longer get Internal Server Errors with this path,
and passwords are accepted and directing to the protected directory perfectly!

If anyone else is having this problem.. (and it's not a "handmade" .htpasswd issue),
then THIS IS THE SOLUTION.