Navigation

Home

 

Web Essentials

 

Troubleshooting Guide for Setting Up Web Pages with Password Security and/or Client Access Restriction

for Cal Poly Faculty, Staff, and Students.

This troubleshooting guide is designed to support the step by step tutorial on How to Setup your Web Pages with Password Security.

Once you have tried the step by step Password Security tutorial, return here for troubleshooting hints.

Troubleshooting Contents

1. Where should the .htaccess file be located within my UNIX account?

You should place the .htaccess file in the directory that you wish to protect. For example, if you wanted to protect a directory called images which is located within the public_html directory, you would type the following commands (assuming you JUST logged into your UNIX account and are at your home directory):

% cd public_html
% CD images
% pico.htaccess

or

% CD public_html
% CD images
% vi .htaccess

Return to the step by step Password Security tutorial.

2. What is the full UNIX pathname?

According to the Basic ByPassword Authentication Step By Step tutorial, the AuthUserFile must be the full UNIX pathname of the password file. This means that you have to give the exact location of the password file. You can determine what the full UNIX pathname is by typing the following at the percent prompt.

% pwd

For example, if John Doe wanted to know the full UNIX pathname of the location of his .htpasswd file that is located in a directory called private within his home directory, he would type the following.

%CD - ensures he is starting from his home directory
%CD - changes his directory to private
%CD - after he types the pwd, he would see something similar to /home/a1b/jdoe/private

The resulting .htacces file would look like the following:

AuthUserFile /home/a1b/jdoe/private/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

<Limit GET>
require user pumpkin
</Limit>

This file says that

John Doe's .htpasswd file is located at /home/a1b/jdoe/private/.htpasswd
There is no group file.
The user allowed access is named pumpkin.

Return to the step by step Password Security tutorial.

3. When attempting to create the .htpasswd file, I get an error.

If you are trying to create a .htpasswd file and you get the following message:

Cannot open file /private/.htpasswd for write access.
fopen: No such file or directory

You may need to check the spelling of the path or type the full UNIX pathname of where you want to put the .htpasswd file. For example, if your current path is

/home/a1b/jdoe/public_html

and you want the password file to be located in a directory called private located in the home directory, you should type:

% htpasswd -c /home/a1b/jdoe/private/.htpasswd pumpkin

where the user being added to the password file is pumpkin. If you are just adding a user to an already existing .htpasswd file, you do not need to use the -c in the command line.

If you are creating a new user .htpasswd file and forgot the -c in the command line you will get the following message:

Cannot modify file /private/.htpasswd for reading.
Use '-c' to create it.

This means that you have not created a .htpasswd file yet. Add -c to the command line to fix the problem.

Return to the step by step Password Security tutorial.

4. Where should I put my .htpasswd file?

The .htpasswd file does NOT need to be in the same directory as the .htaccess file. The .htpasswd file can be located anywhere within your UNIX account. For security reasons, we suggest putting your .htpasswd file in a directory not in the public_html subdirectory or in any subdirectory of public_html.

Return to the step by step Password Security tutorial.

5. I get the following Error messages. What is wrong?

Error #1

Forbidden
You do not have permission to access  /username/filepath/ on this server.

Error #2

Authorization Required
Server could not verify that you are authorized to access the document requested.

  1. These errors could indicate one of four things:
  2. There is some syntax problem in the .htaccess file.
  3. The file .htpasswd does not exist in the path specified in .htaccess file.
  4. The permissions set on the directory where .htpasswd and .htaccess file exist are incorrect.
  5. The permissions set on the .htpasswd and .htaccess files are incorrect.
  6. Incorrect usernames in the .htaccess and .htpasswd files.

 

Syntax is very important. After any of the lines in the .htacces file (Ex. AuthName ByPassword) there can be no spaces or special characters such as apostrophes or quotes. A common substitution for spaces is the underscore ( _ ).

See, What is the full UNIX pathname to check if the path specified in the .htaccess file is correct.

To fix the file permissions problem check to make sure that the .htpasswd file does exist where you specified and check the .htaccess file for any misspellings in the AuthUserFile pathname. If everything is correct there, check the permissions on the directory where .htpasswd exists. If they are wrong, type the following:

% CD
% chmod og+x private

Note: These commands are for the John Doe example

Check the permissions on the .htpasswd and .htaccess files. If they are wrong, type the following:

% CD public_html
% CD images
% chmod og+r .htaccess

% CD private
%chmod og+r .htpasswd

Note: These commands are for the John Doe example

Finally, make sure you are using the same username in both the .htpasswd and .htaccess files.

Return to the step by step Password Security tutorial.

6. I created the .htaccess file in the proper directory, but the files are not password protected (I do not get prompted for a password).

This indicates that the access permissions for .htaccess are not set correctly. In the directory where the .htaccess file is located, type the following:

% chmod og+r .htaccess

Return to the step by step Password Security tutorial.