1and1 .htaccess failures

I have a 1and1 hosting account, on their “shared Linux” platform. The issue I had was that I could not get the server to handle a .htaccess file.

What would happen is that I’d get a “Server Error 500” on something as simple as:

order deny, allow
deny from all

1and1 tech support was little help. I was told my syntax was wrong, and sent an email explaining .htaccess syntax to me. Classy.

What turned out to be the issue was my FTP upload. I was uploading in “Auto” mode through FileZilla, which defaults to ASCII for .htaccess. Which made .htaccess end up with Unix linefeeds on the 1and1 server. That seems perfectly rational for a Linux hosting package – alas, the 1and1 server doesn’t agree.

What I needed to do was force the file to have Windows linefeeds, which I did in Notepad++, then change the upload type to BINARY and upload .htaccess.

And that did it – my .htaccess files are now working.

Join the Conversation


  1. So, it’s actually better security practice to stay away from using .htaccess files. In fact, making an ACL of sorts in the httpd.conf file referring to a hashed password file not in the httpd root is best…

    Let me know if you want a sample config..

    1. Robert-

      Sure, see below.. All you need to do it add this to the httpd.conf file:

      AllowOverride AuthConfig
      AuthType Basic
      AuthName “Password Required for this section of the Web Site!”
      AuthUserFile /DIRECTORY/pass.conf
      Require user jeremy

      Then the “pass.conf” password file is done by:

      “htpasswd -c /DIRECTORY/password.conf USERNAME”

      that’s to create it.. just man the htpasswd to use other things like MD5 hashing.. good luck!

      1. wow… try to enter HTML in a comment and it messes up of course.. just remove the *’s in front of the brackets

        *Directory /DIRECTORY/TO/SECURE/*
        AllowOverride AuthConfig
        AuthType Basic
        AuthName “Password Required for this section of the Desert Penguin!”
        AuthUserFile /DIRECTORY/pass.conf
        Require user jeremy

  2. THANKS! Been tearing what little hair I have left out over this. Switched to binary, worked like a charm.

  3. I had a htaccess login/register/recover password working for a week. Then 1and1 over wrote my htaccess file with a blank. Then even after uploading my copy again the public parts of the site were prompting for user and password, but it wasn’t using our password file. It wasn’t my prompt by the way (it was a different prompt text, the Apache default).

    I have now removed all the htaccess files and support code, which means that any prompts are from a lower level than my site. Files that only 1and1 have access to.

    1and1 seem to have given up, Today I wrote them a piece on how htaccess works because they were struggling to get site public again, without any prompts. They have to change it in their files.

    Finally just now I received an email from their support saying “htaccess is limited to only your /log directory which is controlled by our support staff”.they are saying that we can not use the now ‘Standard’ hyaccess control system.

  4. I just wrote some .htaccess files on my 1and1 linux account. They are being ignored… Wish these hosting companies would care less about covering their asses and more about letting us get our work done.

Leave a comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: