I have a 1and1 hosting account, on their “shared Linux” platform. The issue I had was that I could not get the server to handle a .htaccess file.
What would happen is that I’d get a “Server Error 500” on something as simple as:
order deny, allow
deny from all
1and1 tech support was little help. I was told my syntax was wrong, and sent an email explaining .htaccess syntax to me. Classy.
What turned out to be the issue was my FTP upload. I was uploading in “Auto” mode through FileZilla, which defaults to ASCII for .htaccess. Which made .htaccess end up with Unix linefeeds on the 1and1 server. That seems perfectly rational for a Linux hosting package – alas, the 1and1 server doesn’t agree.
What I needed to do was force the file to have Windows linefeeds, which I did in Notepad++, then change the upload type to BINARY and upload .htaccess.
And that did it – my .htaccess files are now working.
Thorsten on (mostly) Tech 
So, it’s actually better security practice to stay away from using .htaccess files. In fact, making an ACL of sorts in the httpd.conf file referring to a hashed password file not in the httpd root is best…
Let me know if you want a sample config..
Could I please get the sample config file
Robert-
Sure, see below.. All you need to do it add this to the httpd.conf file:
”
AllowOverride AuthConfig
AuthType Basic
AuthName “Password Required for this section of the Web Site!”
AuthUserFile /DIRECTORY/pass.conf
Require user jeremy
”
Then the “pass.conf” password file is done by:
“htpasswd -c /DIRECTORY/password.conf USERNAME”
that’s to create it.. just man the htpasswd to use other things like MD5 hashing.. good luck!
wow… try to enter HTML in a comment and it messes up of course.. just remove the *’s in front of the brackets
*Directory /DIRECTORY/TO/SECURE/*
AllowOverride AuthConfig
AuthType Basic
AuthName “Password Required for this section of the Desert Penguin!”
AuthUserFile /DIRECTORY/pass.conf
Require user jeremy
*/Directory*
Interesting. I am having issues with 1and1 and a typical .htaccess configuration also. Time to move to a co-located server I think.
Helpful.
Thank you.
THANKS! Been tearing what little hair I have left out over this. Switched to binary, worked like a charm.
I had a htaccess login/register/recover password working for a week. Then 1and1 over wrote my htaccess file with a blank. Then even after uploading my copy again the public parts of the site were prompting for user and password, but it wasn’t using our password file. It wasn’t my prompt by the way (it was a different prompt text, the Apache default).
I have now removed all the htaccess files and support code, which means that any prompts are from a lower level than my site. Files that only 1and1 have access to.
1and1 seem to have given up, Today I wrote them a piece on how htaccess works because they were struggling to get site public again, without any prompts. They have to change it in their files.
Finally just now I received an email from their support saying “htaccess is limited to only your /log directory which is controlled by our support staff”.they are saying that we can not use the now ‘Standard’ hyaccess control system.
You sir, deserve a medal
I just wrote some .htaccess files on my 1and1 linux account. They are being ignored… Wish these hosting companies would care less about covering their asses and more about letting us get our work done.