I wanted to password protect a folder on my server, the server is local, not on somebody else's machine.

The program that apache offers was being a pain, so I simply dropped it in the folder I wanted to password protect, then directed the C-Prompt there, and ran it by typing:

htpasswd -c .htpasswd username

(username with the username I wanted) - then it prompted me for the password twice, I entered it, okay, done successfully.

And it created my .htpasswd file.

I then created a new text file and re-saved it to create the .htaccess file, in that file I have listed:

"
AuthUserFile C:\..\.htpasswd (goes all the way to the directory)
AuthType Basic
AuthName "My Secret Folder"
Require valid-user
"

Without the quotes. So I have the .htaccess file in there, and the encoded wD5 (or whatever it is) .htpasswd file in there created by the htpasswd.exe cmd app provided with apache.

Only problem is, it doesn't work worth of damn. The folder is still fully accessable without any prompt of a username or password. I wanna hide this folder ASAP. Does anybody see anything wrong with what was done or know if apache has anything in the httpd file that would restrict or stop this?

I don't really know much about it, I got this far by googling stuff, but now I seem to have hit a wall.

Any help would be greatly appreciated, thanks in advance.

What OS are you using? It sounds like you are using Apache for DOS/Windows. Is that correct? If so, which flavor of Windows, and (more importantly) what file system is the hard drive using that the folder is on (FAT 12, 16, 32: NTFS, or *nix based)?

Sorry about that. I'm using Windows XP Media Center Edition with Apache 2.2. I didn't install XP on this computer, I bought it with XP on it, which is very rare as I like to do it myself to avoid all their extra crap. In any event, I bought it last ~September ('06), I'm going to take the assumption the formatted the drives to NTFS right from the factory.

Okay, now some questions about this folder. It is a sub folder in your web site, correct? Is it required to be there by some function of the web site? If not, why not delete it? If you must have it, How do you plan on it being accessed? Will there be some authentication from the web site? Or will only users of the PC be the only ones to access the folder and its contents?

One option, if only you need the file, or a specific process needs the file is to use NTFS security permissions to lock the folder down. This won't work well if you need web authenticated users to access the folder. Also, do you have directory browsing turned off? It's bad mojo to let users browse your web site directory structure.

This is a sub folder on the website, it's not a required folder for the website's function. It's a folder I want to be able to access outside of this room, but have it prompt you for a PW there, of course there's the simple: "just don't tell anybody the URL" thing - but the way some pple have their browsers setup it'll remember the URL anyways.

The way I read this it was supposed to prompt you for the PW for the session I guess. I don't need anybody to access this but me, other stuff I don't care about, I want to host this online but I'd rather random ass people not digging through it. I have PHP db's but I'm not looking to install MySQL db's so I can just have this password thing :crook:.

I just read that this method will work for what I need it for and it doesn't, so I was just wondering if anybody could shed some light on that.

I have no idea id directory browsing is off or on (as I have no idea what that is), and I have no idea about browsing website directory structures.

Sounds to be outside of my purview, sorry. Like you, I'd have to find the proper person to ask. You may ask about having this moved to the Website Development forum, as it appears to be a good question for the guru's who may not view this locale but do those.

Well I figure the problem is with apache, but I could be wrong, it's applicable for either forum I suppose.

This should be a relatively simple task from the "how-to's" I've read, but computers aren't my forte. Here's what I've been using as my "decided" how-to. I would be wondering if it was only this one, but this is like the 10th how-to I've seen using this method, so there has to be some kind of structural truth behind it.

Password protecting your pages with htaccess

Like I said, open to anybody that can shed some light on this method.