How to use a RELATIVE path with AuthUserFile in htaccess?

Question

I have a .htaccess that uses basic authentication. It seems the path to the .htpasswd file isn\'t relative to the htaccess file, but instead to the server config.

So eve

Answer 1

For just in case people are looking for solution for this:

<If "req('Host') = 'www.example.com'">
    Authtype Basic
    AuthName "user and password"
    AuthUserFile /var/www/www.example.com/.htpasswd
    Require valid-user
</If>

Answer 2

It is not possible to use relative paths for AuthUserFile:

File-path is the path to the user file. If it is not absolute (i.e., if it doesn't begin with a slash), it is treated as relative to the ServerRoot.

You have to accept and work around that limitation.

---

We're using IfDefine together with an apache2 command line parameter:

.htaccess (suitable for both development and live systems):

<IfDefine !development>
  AuthType Basic
  AuthName "Say the secret word"
  AuthUserFile /var/www/hostname/.htpasswd
  Require valid-user
</IfDefine>

Development server configuration (Debian)

Append the following to /etc/apache2/envvars:

export APACHE_ARGUMENTS=-Ddevelopment

Restart your apache afterwards and you'll get a password prompt only when you're not on the development server.

You can of course add another IfDefine for the development server, just copy the block and remove the !.

Answer 3

If you are trying to use XAMPP with Windows and want to use an .htaccess file on a live server and also develop on a XAMPP development machine the following works great!

---

1) After a fresh install of XAMPP make sure that Apache is installed as a service.

• This is done by opening up the XAMPP Control Panel and clicking on the little red "X" to the left of the Apache module.
• It will then ask you if you want to install Apache as a service.
• Then it should turn to a green check mark.

2) When Apache is installed as a service add a new environment variable as a flag.

• First stop the Apache service from the XAMPP Control Panel.
• Next open a command prompt. (You know the little black window the simulates DOS)
• Type "C:\Program Files (x86)\xampp\apache\bin\httpd.exe" -D "DEV" -k config.
• This will append a new DEV flag to the environment variables that you can use later.

3) Start Apache

• Open back up the XAMPP Control Panel and start the Apache service.

4) Create your .htaccess file with the following information...

<IfDefine DEV>
  AuthType Basic
  AuthName "Authorized access only!"
  AuthUserFile "/sandbox/web/scripts/.htpasswd"
  require valid-user
</IfDefine>

<IfDefine !DEV>
  AuthType Basic
  AuthName "Authorized access only!"
  AuthUserFile "/home/arvo/public_html/scripts/.htpasswd"
  require valid-user
</IfDefine>

To explain the above script here are a few notes...

• My AuthUserFile is based on my setup and personal preferences.
• I have a local test dev box that has my webpage located at c:\sandbox\web\. Inside that folder I have a folder called scripts that contains the password file .htpasswd.
• The first entry IfDefine DEV is used for that instance. If DEV is set (which is what we did above, only on the dev machine of coarse) then it will use that entry.
• And in turn if using the live server IfDefine !DEV will be used.

5) Create your password file (in this case named .htpasswd) with the following information...

user:$apr1$EPuSBcwO$/KtqDUttQMNUa5lGXSOzk.

A few things to note...

• Your password file can be any name you want.
• You should use .htpasswd for security.
• A great password generator found @ http://www.htaccesstools.com/htpasswd-generator/
• A great explanation and reason why you should use that name for your file is located @ http://www.htaccesstools.com/articles/htpasswd/
• MAKE SURE YOU PUT THE PASSWORD FILE IN THE CORRECT LOCATION!!! (See step 4 AuthUserFile area)

Answer 4

Let's take an example.

Your application is located in /var/www/myApp on some Linux server

.htaccess : /var/www/myApp/.htaccess

htpasswdApp : /var/www/myApp/htpasswdApp. (You're free to use any name for .htpasswd file)

To use relative path in .htaccess:

AuthType Digest
AuthName myApp
AuthUserFile "htpasswdApp"
Require valid-user

But it will search for file in server_root directory. Not in document_root.

In out case, when application is located at /var/www/myApp :

document_root is /var/www/myApp

server_root is /etc/apache2 //(just in our example, because of we using the linux server)

You can redefine it in your apache configuration file ( /etc/apache2/apache2.conf), but I guess it's a bad idea.

So to use relative file path in your /var/www/myApp/.htaccess you should define the password's file in your server_root.

I prefer to do it by follow command:

sudo ln -s /var/www/myApp/htpasswdApp /etc/apache2/htpasswdApp

You're free to copy my command, use a hard link instead of symbol,or copy a file to your server_root.

Answer 5

.htpasswd requires full absolute path from the absolute root of the server.

Please get full absolute path of the file by echo echo $_SERVER['DOCUMENT_ROOT'];.

here is working basic auth .htaccess script.

AuthType Basic
AuthName "Access to the Hidden Files"
AuthUserFile 'C:/xampp/htdocs/ht/.htpasswd'
Require valid-user

Before login

Afetr Login

Answer 6

or if you develop on localhost (only for apache 2.4+):

<If "%{REMOTE_ADDR} != '127.0.0.1'">
</If>