Path to .htpasswrd and .htaccess

I have several URLs at the root.


I have a genealogy site where others can download my data.
On this site I am trying to restrict access to the entire site via .htaccess.


AuthName "Restricted Area"
AuthType Basic
AuthUserFile /.htpasswrd/.htpasswrd
AuthGroupFile /dev/null
require valid-user

ErrorDocument 401 "

You have to actually BE a member to view this page, Colonel!
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/internalerror.html [/code]

I have tried setting AuthUserFile path to:
AuthUserFile root/.htpasswrd/.htpasswrd
AuthUserFile /root/.htpasswrd/.htpasswrd
AuthUserFile /.htpasswrd/.htpasswrd
and can’t seem to get it right.

A common password file can be accessed by all my URLs off of the master root.
The contents of the PASSWORD FILE IS FOUND in the folder (off of the root) ‘.htpasswrd’ in the file ‘.htpasswrd’

THE CONTENTS OF THE PASSWORD FILE ‘.htpasswrd/.htpasswrd’ IS:

#-->>   This file was generated in 'Htpasswd Generator' (8/27/2010)   <---#
#--->                              <---#
#--->                                                                 <---#
#--->   Total users:    11                                            <---#
#--->   Disabled users: 0                                             <---#



I feel the error is in the syntax of the path but I can’t seem to get it right.


First, I need to warn you: You may have posted actual passwords that you use. If this is the case, discontinue using the passwords IMMEDIATELY!

Here is how to properly use these files:

  • place .htaccess in the directory you want to protect.

  • place .htpasswrd in your home folder (the place your (S)FTP client first goes to) DO NOT put it inside your domain folder.

  • Set the AuthUserFile in the .htaccess file to /home/username/.htpasswrd (Where username is the name of the user that you use to login to (S)FTP).

That should fix it. By the way, the DreamHost panel can set up authentication for you, it just can’t use things like custom error messages.

Let me know if you have any other questions :slight_smile:

I’ve edited out the plain-text passwords, but you should still change them immediately.