How do I password protect an entire CodeIgniter development site with .htaccess?

[RyanMinor]

I have a website that I am developing for a client. He wants the entire website to be invisible to random users / search engines. I figured .htaccess with a .htpasswd was the way to go. My problem is that I am getting an internal server error after I enter the username and password. How can I get this to work so that him or I can enter the username and password and the site works as normal?

 

This is the .htaccess file:

AuthType Basic
AuthName "Test Site"
AuthUserFile /home/content/p/i/n/html/digrepro/.htpasswd
Require valid-user

# Options
Options -Multiviews
Options +FollowSymLinks

#Enable mod rewrite
RewriteEngine On
#the location of the root of your site
#if writing for subdirectories, you would enter /subdirectory
RewriteBase /

#Removes access to CodeIgniter system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]

#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

#This last condition enables access to the images and css
#folders, and the robots.txt file
RewriteCond $1 !^(index\.php|images|robots\.txt|css|products|js)

RewriteRule ^(.*)$ index.php?/$1 [L] 

 

Both the .htaccess and .htpasswd files reside in the web root folder.

[Mahngiel]

Add to your code:

AuthBasicProvider file

 

To tell apache that the password is contained with in file.

[Mahngiel]

Also, I do not know the filepath to the serving files for the site, but ensure your .htpasswd file is not servable.

 

AuthUserFile /home/content/p/i/n/html/digrepro/.htpasswd

 

That file path appears to me that it is.  You should place sensitive files outside of the serving directories.

[RyanMinor]

I still get the following after trying to log in after putting "AuthBasicProvider file" in my .htaccess file:

 

Internal Server Error

 

The server encountered an internal error or misconfiguration and was unable to complete your request.

 

Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.

 

More information about this error may be available in the server error log.

 

Apache Server at digrepro.com Port 80

 

Also, I moved the .htpasswd file one level up (out of the site root) and it still gave me the error. Why does .htaccess have to be such a pain?

[RyanMinor]

Also, here is my Apache Error Log:

 

[Tue May 01 16:48:35 2012] [error] [client 123.125.71.20] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt

[Tue May 01 19:59:04 2012] [error] [client 95.108.150.235] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt

[Tue May 01 19:59:04 2012] [error] [client 95.108.150.235] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt

[Wed May 02 09:44:06 2012] [error] [client 66.249.71.239] File does not exist: /var/chroot/home/content/p/i/n/pinkydinks/html/robots.txt

[Wed May 02 11:54:09 2012] [error] [client 173.8.17.253] (2)No such file or directory: Could not open password file: /home/content/p/i/n/html/digrepro/.htpasswd

[Wed May 02 11:54:09 2012] [error] [client 173.8.17.253] (2)No such file or directory: Could not open password file: /home/content/p/i/n/html/digrepro/.htpasswd

[Wed May 02 11:57:11 2012] [error] [client 173.8.17.253] (2)No such file or directory: Could not open password file: /home/content/p/i/n/html/.htpasswd

[RyanMinor]

Problem solved. It turns out my path was incorrect. I created a file in the root of my site with the following code in it.

 

<?php echo __FILE__; ?>

 

It gave me the full path and once I changed it, everything worked.