.htaccess and .htpasswd - what am I doing wrong here?

[fuzzybabybunny]

For simplicity's sake I've put both my .htaccess and .htpasswd files in the same folder:

/downloads

.htaccess file

AuthUserFile /downloads/.htpasswd
AuthGroupFile /dev/null
AuthName "Secure Document"
AuthType Basic

<LIMIT GET PUT POST>
require user fuzzy
</LIMIT>

.htpasswd file

fuzzy:whateverthehellapachegeneratorgivesme

When I browse to /downloads I get the username/pass popup, I enter my user/pass, but it keeps popping up and finally I banned my own IP from accessing my own website.

 

[PhatoseAlpha]

I think you have to encrypt .htpasswd

 

[NiKeFiDO]

http://tools.dynamicdrive.com/password/

you'll get a 500 internal server error if the path to your .htpasswd file is incorrect (after entering in the password the first time).

 

[Nothinman]

Check your apache error log, it's usually pretty good about telling you what's wrong.

 

[fuzzybabybunny]

I got it! The .htaccess file needs the SERVER root, I was going from my www web root. I had no idea that there was even such a thing as a server root. Well, looking in my cpanel and got the server root, used that, and everything's good. But I'm confused - do regular html files like index.html just know to use the web root for root relative links instead of the server root? How do files know which root to use?

So instead of using

AuthUserFile /downloads/.htpasswd

in my .htaccess file it should have been

AuthUserFile /home2/victor/www/downloads/.htpasswd

 

[Nothinman]

But I'm confused - do regular html files like index.html just know to use the web root for root relative links instead of the server root? How do files know which root to use?

HTML files don't know anything, the web server does all of that.