Help me password-protect my web site using .htaccess

[Green_Cymbeline]

I have googled the heck out of this topic and have done the following, but it still isn’t working. What am I doing wrong?

OK let’s say I have a web site called http://myname.com (not the real name of the site)

I want to protect any pages in this directory: http://myname.com/photos

So I created the following and placed them the the “photos” directory:

A file named “.htaccess” that looks like this:

AuthUserFile /photos/.htpasswd
AuthGroupFile /dev/null
AuthName “Photos”
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>

And a file named “.htpasswd” that looks like this:

photos:ezvZw4IqWeAA6

The password I got by running it through an encryption thingie on a web site (there’s tons of these sites, I don’t remember which one I used.)

A few notes:
–I am pretty sure my web site host supports .htaccess
–I uploaded the files to my site using FTP, should I be using another method?
–I think the problem either lies in this line: AuthUserFile /photos/.htpasswd
I think that I did not write out the path correctly
–Or the problems lies in the way that my password is encrypted

Please help!

[Green_Cymbeline]

Here is some more info about why I did what I did:

Following directions on this site: http://www.freewebmasterhelp.com/tutorials/htaccess/3

This is what it says about making the .htaccess file:

Adding password protection to a directory using .htaccess takes two stages. The first part is to add the appropriate lines to your .htaccess file in the directory you would like to protect. Everything below this directory will be password protected:

AuthName “Section Name”
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

There are a few parts of this which you will need to change for your site. You should replace “Section Name” with the name of the part of the site you are protecting e.g. “Members Area”.

The /full/parth/to/.htpasswd should be changed to reflect the full server path to the .htpasswd file (more on this later).

And about .htpasswd:

Once you have created your .htpasswd file (you can do this in a standard text editor) you must enter the usernames and passwords to access the site. They should be entered as follows:

username:password

where the password is the encrypted format of the password. To encrypt the password you will either need to use one of the premade scripts available on the web or write your own.

I also tried the tool on this page: http://www.clockwatchers.com/htaccess_tool.html

[Green_Cymbeline]

Ooops that should not be

username:password (with a smiley face)

but

username(colon)password

[Duckster]

>> A few notes:

>> --I am pretty sure my web site host supports .htaccess

Make sure your web server does.

–I uploaded the files to my site using FTP, should I be using another method?

FTP is the standard.
**
–I think the problem either lies in this line: AuthUserFile /photos/.htpasswd**
I think that I did not write out the path correctly
**
–Or the problems lies in the way that my password is encrypted**
Use this .htaccess password generator. Works like a charm. Just make sure you have the correct path. Your web host should provide you with this.

[GusNSpot]

So, can you ‘hot’ link to a protected photo?

I have photo’s on different sites and I can not mess with them unless I am logged in.

I don’t put photos up on the web if I don’t want people to look at them, so I don’t see why you want to have that heavy an encryption ? But that is just me.

[Mops]

So, what does the server do wrong when you password-protect the directory as described above?

Does it still allow access without password, or does it deny access if you enter the correct username/password combination?

If it’s the latter My guess is that the cause is the line

AuthUserFile /photos/.htpasswd

The file path you need is not relative to the domain root, but the full path in the server’s file system.

Can you ssh to your site? In that case you just need to go to the directory and type pwd . Otherwise you need to know what the path in the server’s file system to your domain root is.

For example (ficticious example): if your site’s files are stored in the directory /customers/12345/websites/myname.com , then the line would be

AuthUserFile /customers/12345/websites/myname.com/photos/.htpasswd

[Green_Cymbeline]

Thank you everyone for your help! As I thought, the problem was simple. I had the server path wrong. I finally figured out what it was and it works!!

GusNSpot:

I don’t put photos up on the web if I don’t want people to look at them, so I don’t see why you want to have that heavy an encryption ? But that is just me.

Well, basically I plan to put up a bunch of family photo albums and I don’t want just any random person in cyberspace looking at them. I know it’s really no big deal, but I guess it’s to protect everyone’s privacy. Some people probably don’t like the idea of a bunch of photos floating around on the net that are publicly accessible.

[Duckster]

nyctea scandiaca:

Some people probably don’t like the idea of a bunch of photos floating around on the net that are publicly accessible.

Famous last words …

[Jayrot]

You may want to consider using a photo management system like Gallery (free, open source) that will allow you to create online galleries that can easily be password protected.