Authentication (.htaccess) problems

Ok so I got webalizer running on my pc (pretty cool tool) and I want to password protect the directory so being the newbie on my way to beginer I checked appache.org. My weberserver directory is /usr/local/apache/htdocs In bash I ran htpasswd -c .htpasswd username and once prompted i put in my password, so now when i cat .htpasswd its says username:giBerSHish. That part I think i did right, now in my stats directory /usr/local/apache/htdocs/stats which is where webalizer outputs its file i ran the command (pico is my favorite editor) pico .htaccess and typed in the following:

AuthName "Webserver Stats"
AuthType Basic
AuthUserFile /usr/local/apache/htdocs/.htpasswd

require valid-user

then i saved the file and restarted apache, and accsessed mydomain.com/stats and to my surprise it didn't ask me for a password. so i am stomped, i am pretty new to linux so i don't know if this has something to do with file permissions or something i have enable in httpd.conf. I am running apache 1.3.19 on suse 7.2 thanks for all the help before hand.

You need:

<Directory "/usr/local/apache/htdocs/stats">
AllowOverride AuthConfig
Options xxx
...
...
</Directory>

Or

<Directory "/usr/local/apache/htdocs">
AllowOverride AuthConfig another
Options xxx
...
...
</Directory>

Where another is another directive-type.
Start here -> http://httpd.apache.org/docs/mod/co...l#allowoverride

Thanks a lot freebsd it now prompts me for a pasword, but when i try the username and password i have stored in /usr/local/apache/htdoc/.htpasswd they don't work my .htacces now looks the same be i added to /etc/apache/httpd.conf
<Directory "statsdirectory">
AllowOverride AuthConfig
</Directory>

>> i have stored in /usr/local/apache/htdoc/.htpasswd they don't work

Password incorrect or what?

Show us your .htpasswd. Or add another sample user and password, then tell us the original password and show us your .htpasswd. Then I can test if they match or not.

I've have a simular problem. The famous 500 error.

Config: Apache latest
OS: Win2000 advanced server

My http.conf:

<VirtualHost *>
DocumentRoot "C:/Program Files/Apache Group/Apache/htdocs/web"
ServerName www.myserver.com
ServerAlias myserver.com

</VirtualHost>
<Directory "C:/Program Files/Apache Group/Apache/htdocs/web">
Options Indexes FollowSymLinks MultiViews
AllowOverride AuthConfig
</Directory>

My .htacces

AuthUserFile c:/program files/apache group/apache/htdocs/web/.htpasswd
AuthGroupFile ResourceConfig nul
AuthName myserver
AuthType Basic

<Limit GET POST>
require valid-user
</Limit>

>> AuthUserFile c:/program files/apache group/apache/htdocs/web/.htpasswd

When your directory has space, Apache doesn't like it and you MUST quote your path like so:

AuthUserFile "c:/program files/apache group/apache/htdocs/web/.htpasswd"

Did that in the first place. But still getting the Internal Server Error.

Sorry, I have to say that I know nothing with Apache on win32.

>> The famous 500 error

Normally this is caused by your script. If you are sure it's not a problem with your script and it must be Apache, then there is only one possible cause:

You have placed something in .htaccess that Apache can't understand.

Note, I said .htaccess instead of httpd.conf. If you misconfigured your httpd.conf, Apache would throw you error upon startup.

Well, there's nothing wrong with script.

If i replace these lines in http.conf:
AllowOverride AuthConfig
</Directory>

to:

AllowOverride None
Order allow,deny
Allow from all
</Directory>

the site loads up.

And about the .htaccess, i posted it here.
Nothing wrong with it neither.

Could it be a bug in Apache?

My error log shows ".htaccess: Invalid auth file type: nul"
hmm..strange.

sorry for the stall in a reply i was out of town
This is what my .htpasswd file looks like

user:7MyUTzz8kVAbM

I was wondering if there had to be any special file permissions on .htpasswd?

>> user:7MyUTzz8kVAbM

How about the original password?

>> f there had to be any special file permissions on .htpasswd?

No. It just needs to be readable by Apache.

>>>>> user:7MyUTzz8kVAbM

How about the original password?

looks like MD5

the pasword is user the username is user

>> the pasword is user the username is user

The password is correct.

Here is a simple script to verify it:

#!/usr/bin/perl

$passwd = 'user';
$encrypt = '7MyUTzz8kVAbM';

$crypt = crypt($passwd,$encrypt);
if ($crypt eq "$encrypt") {
print "Password Correct\n";
}
else {
print "Password Incorrect\n";
}

Say you have:

AuthName "Webserver Stats"
AuthType Basic
AuthUserFile /non-existence/path/to/.foobar
require valid-user

in /usr/local/apache/htdocs/stats/.htaccess

and with AllowOverride AuthConfig in <Directory "/usr/local/apache/htdocs/stats">

Despite the non-existence .foobar file Apache unable to locate, you would still get the authentication prompt and a password incorrect in return.

That said, you need to make sure your .htpasswd file is readable by the user Apache runs as. So check your error_log and find out why that happened.