Search code examples
apache.htaccessubuntu.htpasswd

htaccess and htpasswd issue

i'm having an issue with setting up htaccess and htpasswd for a specific folder on my web server. I have exhausted all material and answers that currently exist on stackoverflow and have got no where. This is the best guide I have found https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles which I have been using and this is what I have done so far;

I have modified the apache2.conf file adding in the following at the bottom;

<Directory "/var/www/resultparse/">
AllowOverride AuthConfig
</Directory>

I have created the .htaccess file in the /var/www/resultparse/ directory;

AuthUserFile /var/www/resultparse/.htpasswd
AuthName "Authorization Required"
AuthType Basic
Require admin john

I have generated the .htpasswd file using the following commands adding the users john and admin;

htpasswd -c /var/www/resultparse/.htpasswd john
htpasswd /var/www/resultparse/.htpasswd admin

Which results in the following file being generated;

john:$apr1$we8lGQTG$dU2ZxXowyQSZKIQ3m2RU/.
admin:$apr1$mps05AMa$IGH9HBOWxO.CyU7SmuvND.

Finally I have restarted the apache server using sudo /etc/init.d/apache2 reload so that the new configuration is loaded.

The result of this is that when I visit a page in this folder I get prompted with a login box however if i specify the user as admin and password as admin (what i set it to) it prompts me again for a user and password making me think that it's not matching the username and password in the file.

I thought originally it may be a permission issue on the files so i modified the permission of the .htpasswd and .htaccess file to be 777 but no luck.

Interestingly if I modify the require field of .htaccess to: Require valid-user Then I do not get the dialogue box prompting me for the password.

Also if i change the AuthUserFile in the .htaccess to an incorrect path I get a internal server error when visiting the page proving that its finding the .htpasswd file.

Any help or suggestions on how to debug this would be greatly appreciated.

Solution

  • It looks like you're missing a user entity designation for the Require directive.

    Try changing that line to:

    Require user admin john

    Also, since you're allowing either user to log in, you could also try just doing:

    Require valid-user