I am trying to write an administration area of my website.

http://www.anglersforchrist.com/admin

in that directory is my .htaccess

ErrorDocument 401 /common/reject.html
AuthUserFile /www/a/anglersforchristcom/common/.htpasswd
AuthGroupFile /dev/null
AuthName "AFC Administration"
AuthType Basic

require valid-user


I read the tutorial here: http://help.powweb.com/tutorials/htaccess/passprotect.php

and also several others

it asks me for the password but will not authenticate. I have tried all different directories and including <limit get> etc... nothing will work. what can I do?

4 things:

-Double check your syntax
-Make sure your .htpasswd is in correct folder
-Make sure your password in .htpasswd is encrypted
-Make sure you upload in ASCII...not binary

I think there's two problems with your .htpasswd path.

First, the username is too long. Powweb has a limit of 12 characters for the username. Check your username and make sure it's correct.

Second, your path to the .htpasswd file should have /htdocs in it.

AuthUserFile /www/a/anglersforch/htdocs/common/.htpasswd


This is assuming that /common is an actual directory you've stored the pages in.

Well, you are right and wrong.

I did have my username wrong and that corrected it.

If you read the faq at help.powweb.com it states:

Upload .htpasswd above the htdocs folder, in ASCII mode.

You should never put a .htpasswd file in yout htdocs folder. That makes it accessible to the world. I have read this in several tutorials.

Thanks for the help. I was getting frustrated last night.

You're right about .htpasswd in the /htdocs folder itself. Your path showed another folder called /common that was to contain the password file. But to show the correct path to it you need to add the /htdocs to the path statement.

This is, of course, assuming you want to password protect a folder called /common and it's contents :)

so did you manage to do it or not?

You can create a new folder on the same level as htdocs and cgi-bin. Then put your .htpasswd in there.

Somewhat like this:
/www/a/anglersforchristcom/new_folder/.htpasswd

If you did keep the path the way it is, you would have to add the htdocs folder in there:
/www/a/anglersforchristcom/htdocs/common/.htpasswd

it ended up being www/a/anglers/common/.htpasswd

it worked perfectly.

If you put your htpasswd underneath your htdocs folder, then anyone could download your password file with a web browser.

Thanks for the help guys.

OK, I see the confusion. There are *2* /common/ folders. 1 is where my reject.html file is. That is underneath htdocs. The other contains .htpasswd and is at the path specified at the beginning of the message.