I got the password authentication to work. The problem is my custom 401 error page. It does not work. I made a page, saved it to a folder called error which is in the root directory.
Typed: ErrorDocument 401 /error/401.htm in the .htaccess file.
Nothing. It even gives me two errors on the default 401 error page, one for the password error, and another for my error whatever it is. It says a custom 401 error. Does anyone know what I can do? Thank you.

I'm not sure if it will help, but you may want to use full paths to the files, like this:

ErrorDocument 401 /www/u/username/htdocs/401.htm

(where 'u' is the first letter of your username and 'username' is your username)

That's how I do it on my site, anyway.


Also, if you don't mind, it would be helpful if you could post your .htaccess code and web site address here so we can take a look.

Here is my .htaccess file:

AddHandler server-parsed .html .htm
AuthUserFile /www/x/xuser/.htpasswd
AuthGroupFile /dev/null
AuthName "Please sign in"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
ErrorDocument 404 /404.htm
ErrorDocument 401 /401.htm

Another question I have is how many .htaccess files should I have? Can you have more than one? Right now I have mine in my root directory. I do not have one in my /htdocs directory, or anywhere else. My custom 404 page does work. My 401 page does not. My error docs are directly in my /htaccess folder with all my other web pages. I got rid of the /error folder for now. It should work.


By the way, this is what it says on the default error page:

This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.

Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request.

Now, I don't know too much about anything, but it seems that
it is trying to use my 401 page, but it couldn't because it is password protected. Is that possible?

What directory are you trying to password protect? Your whole site (htdocs), or some subdirectory of that?

If you are trying to protect your entire htdocs directory, the custom error page will not show up because it will be password protected too, as you suspected.

Yes, you can have more than one .htaccess file. If you are password-protecting htdocs/somedirectory then you will need two.

One should contain the password-protection information and be placed in the directory you wish to protect. It needs at least these lines (also including the other 3 lines in this file shouldn't hurt):

AuthUserFile /www/x/xuser/.htpasswd
AuthGroupFile /dev/null
AuthName "Please sign in"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>


The other .htaccess should go in htdocs. It should have the rest:

AddHandler server-parsed .html .htm
ErrorDocument 404 /404.htm
ErrorDocument 401 /401.htm

I think htdocs is a better place for your .htaccess than your root directory is.

If, on the other hand, you're trying to protect all of htdocs, I'm not sure if you will be able to get the error page to work at all. It would be better to protect a subdirectory of htdocs.