.htaccess/.htpasswd 500 Internal Server Error

Apache.Htaccess

Apache Problem Overview

I'm working on blocking a folder with .htaccess, which I've never used before, and I'm having some trouble. Here's what I have

.htaccess (located in the folder I want blocked):

AuthName "Username and password required"
AuthUserFile /.htpasswd 
Require valid-user
AuthType Basic

.htpasswd (located at root, password is encrypted in actual file):

   tim:blah

I'm getting 500 Internal Server errors with this and I can't figure out why.

Apache Solutions

Solution 1 - Apache

Most likely problem is this line:

AuthUserFile /.htpasswd

This line should provide full filesystem path to the password file e.g.

AuthUserFile /var/www/.htpasswd

To discover your filesystem path, you can create a PHP document containing

echo $_SERVER['DOCUMENT_ROOT'];

Solution 2 - Apache

If nothing helped and you're using PHP you can make it work by putting this in your index.php (on top):

if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
    if ($_SERVER['PHP_AUTH_USER'] != 'user' || 
        $_SERVER['PHP_AUTH_PW'] != 'pass') {

        header('WWW-Authenticate: Basic realm="Protected area"');
        header('HTTP/1.0 401 Unauthorized');

        die('Login failed!');
    }
}

Solution 3 - Apache

Permissions can cause this issue too.

Make sure .htpasswd is readable by the web server user.

For instance, if you use nginx check the nginx.conf to find out what the server user is, if you use Apache you can find it out this way, etc.

Then set the right owners and read permissions to .htpasswd

Solution 4 - Apache

If you see 500 Internal Server error these days - it's mostly due to the fact that in newer Apache versions the path in AuthUserFile has to be put inside quotation marks.

AuthUserFile "/var/www/somewhere/.htpasswd"

Solution 5 - Apache

I would also add that some on some Web hosts, the .htpasswd file will not work if placed in a publicly accessible area. A recent installation I did confirmed this. As others have noted, it's best to place this in the root of the site.

Solution 6 - Apache

Had the same problem, it had to do with access! Have you given ownership of the password file to www-data user through

chown www-data /var/www/.htpasswd
chmod 640 /var/www/.htpasswd

? It's best to keep the password, for obvious reasons, to keep the password somewhere outside the /var/www/ directory, let's say /home/MYSERVER/ in such a case you also need to give ownership of this parent directory to the user www-data.

Categories
Recommended Apache Solutions
Recommended .Htaccess Solutions

Previous Solution:

Social media buttons slow down website load time

JavascriptHtmlFacebook Social-PluginsGoogle Plus-OneTwitter Button

Next Solution:

contentSize is not updated after reloadData is called on UICollectionView

IosUicollectionview

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionTim AychView Question on Stackoverflow
Solution 1 - ApacheanubhavaView Answer on Stackoverflow
Solution 2 - ApacheArneView Answer on Stackoverflow
Solution 3 - ApacheOriolView Answer on Stackoverflow
Solution 4 - ApacheHexodusView Answer on Stackoverflow
Solution 5 - ApachekarolusView Answer on Stackoverflow
Solution 6 - ApacheLab NapView Answer on Stackoverflow