I’m trying to set up password protection on an Apache HTTP server, and it’s not working. I hope someone can help me figure out what’s gone wrong.
First, the environment: Apache 2.4.4 installed with XAMPP Control Panel 3.2.1 under Windows 7 Professional.
http.config says “AllowOverride All.”
The .htaccess file in the protected directory says:
AuthName "Sample documents"
AuthType Basic
AuthUserFile "D:/htdocs/subsidy/.htpasswd"
require valid-user
XAMPP’s program directory is on drive C and the document root is on drive D. I made XAMPP’s Apache/bin directory the current directory on drive C and made the document directory’s subsidy subdirectory the current directory on drive D, and entered the command:
c:htpasswd -c d:.htpasswd samples
htpasswd prompted me for the password twice, and I entered it twice. When it quit I had a file named .htpasswd in the subsidy directory of drive D. I typed it and its contents looked correct according to the examples I’ve seen.
(BTW: This is a test on a private server. I know that the password file should not be in the document space, and I’d never put it there on a public server.)
Then I restarted Apache and tried to load a page from the directory. The browser simply prompted me for the username and password over and over.
The Apache error log says, “AH01617: user samples: authentication failure for “/subsidy/<filename>.html”: Password Mismatch.”
I deleted the .htpasswd file and ran htpasswd again, specifying a different password. I restarted the server, tried to load a page, and got the same problem.
To all appearances I’m simply entering the wrong password, but that seems impossible when I’ve just defined it myself – and I’ve tried twice, intentionally choosing a very simple password the second time. If the message means what it says, the cause must be something very different from the obvious one. Any suggestions on what could be happening?