File path, .htpasswd file and directory privacy

Samrridh · August 12, 2022, 12:05pm

i want to know the file path address

how do I do that

wackyblackie · August 12, 2022, 1:09pm

The path in the browser, or the path on the server?

Samrridh · August 14, 2022, 4:03pm

of the server, i want to make a .htpasswd file so I want to know the file path address to tell where it is stored

Greenreader9 · August 14, 2022, 4:23pm

The root folder is the /htdocs folder

Samrridh · August 14, 2022, 4:29pm

but how to know the exact destination
like in windows we can get it from the top bar

Greenreader9 · August 14, 2022, 4:32pm

If you want the .htpasswd file to affect your entire website, you put it in the htdocs folder. That is the full path, just /htdocs

Samrridh · August 14, 2022, 4:37pm

so writing this is correct (in .htaccess)

Greenreader9 · August 14, 2022, 4:38pm

Where is your htaccess file stored? It should not be stored outside of the root folder, so that would not be correct.

If you don’t know how to set it up, you should let the system do it for you. In the control panel, there is an option called “Directory Privacy”, I think that is what you are looking for.

Samrridh · August 14, 2022, 4:39pm

it is stored in a file in htdocs
not outside root folder

Greenreader9 · August 14, 2022, 4:40pm

So then why does your file path include the root folder?

Samrridh · August 14, 2022, 4:41pm

should it be like this?

Greenreader9 · August 14, 2022, 4:42pm

No, you are still including the root folder

Try “/.htpasswd” or “.htpasswd”

Samrridh · August 14, 2022, 4:44pm

see this is the home page(this .htaccess is not created by me, its by IF)

now inside htdocs is .htpasswd

and inside ‘site’ folder is mine .htaccess file

so I should write /htdocs/.htpasswd or just .htpasswd?

Greenreader9 · August 14, 2022, 4:46pm

I don’t see any .htpasswd files. You can’t connect to a file that does not exist.

Why don’t you just use the “Directory Privacy” feature in the control panel?

Samrridh · August 14, 2022, 4:50pm

though .htpasswd file is there

but ‘directory privacy’ did my work
thanks @Greenreader9

Samrridh · August 14, 2022, 4:52pm

but there is a probem with it, it just asks the username and pass once, I want that every time a person open that site it should enter the credentials

Greenreader9 · August 14, 2022, 5:10pm

Yes, because once you enter the username and password it saves a cookie to your computer telling it that you already logged in. New users don’t have that cookie, so they have to login.

Also, securing a website with htaccess is a bad idea, since a brute force attack is really easy.

Samrridh · August 15, 2022, 2:44pm

so whats the best way to secure it?

akshayan · August 15, 2022, 4:15pm

I don’t know if this is the best way, but how about securing the folder so that you need a username and password to go to it?

wackyblackie · August 15, 2022, 4:29pm

@akshayan, that is what the OP is trying to accomplish.

I have used AuthUserFiles before, so I’ll try to provide some guidance.
By far, the easiest way to set it up is via vPanel “Directory Privacy” feature.
However, if you don’t want to use that tool, I recommend generating your own .htpasswd file:

Go to this .htpasswd generator and select Bcrypt from the selections at the bottom. Type in your username and password and click “generate”
Copy the output to a new/blank file named .htpasswd
Save/close .htpasswd, open your .htaccess. Type this:

ErrorDocument 401 "You are unauthorized to view this resource!"
ErrorDocument 403 "You do not have access to view this resource!"
RewriteEngine On
RewriteRule .htpasswd - [F]
AuthType Basic
AuthName "Please authenticate to view this resource"
AuthUserFile .htpasswd
Require valid-user