We Keep Coding

.htaccess 500 error after login with AuthType Basic

Here's my .htaccess file:
AuthType Basic
AuthName "LOG IN"
AuthUserFile .htpasswd
Require valid-user
After logging in, I get a 500 error. If I clear the .htaccess file, it works fine.
Any ideas?

I think you have to write the full path to your .htpasswd (on linux: /path/to/.htpasswd)
From http://weavervsworld.com/docs/other/passprotect.html
Troubleshooting
Make sure that the path specified in AuthUserFile is the correct full
path. This is a major cause of problems. If Apache cannot find the
.htpasswd file, then all attempts will fail.
Make sure the permissions
on the .htaccess and .htpasswd files are set so that Apache can read
them. chmod 0644 .htaccess chmod 0644 .htpasswd
Other issues may be
out of your control. Web administrators can lock down Apache so that
it ignores all .htaccess files it encounters. This can be achieved
with an AllowOverride None directive and option on the
ServerRoot/DocumentRoot directories. If this is the case (.htaccess
not allowed) you will have to kindly ask your web administrator to
allow .htaccess files with authorization directives in your personal
web directory. This can be achieved with AllowOverride AuthConfig
directive and option.

Important : Full path to .htpasswd refers to the real full path if you are using terminal than use
maddy#maddy:/var/www/html/project_name$ pwd
/var/www/html/project_name
File In /var/www/html/project_name/.htaccess
AuthType Basic
AuthName "My restricted Area"
AuthUserFile /var/www/html/project_name/.htpasswd
Require valid-user
File In /var/www/html/project_name/.htpasswd
someuser:$apr1$oi0zg2sf$jTagKK2S7StjC0WSVJLUH0
To generate user: password combination refer
1) http://www.htaccesstools.com/htpasswd-generator/
2) https://www.web2generators.com/apache-tools/htpasswd-generator
Not tested
https://www.gaslampmedia.com/generate-htaccess-password-htpasswd-from-the-command-line/

Since this question scores high in Google, I thought I'd append steven's answer a bit:
Full path to .htpasswd here refers to the real full path, not the path you see via ftp. For example, when I login to my shared hosting account with ftp, it seems my web root lives in /public_html
However that's just because how the ftp server is set up. The actual path to my web root is /home/username/public_html and setting the AuthUserFile keeping that in mind resolved the issue, at least for me.
I found the missing piece of information on the Webmasters site after some more googling.

If you use php and get Error - 500
A good shot is:
create a php file 'info.php' with content:
<?php
phpinfo();
Enter in this url in your browser
In Apache Environment
Look for DOCUMENT_ROOT
Get this content Ex: 'C:/wamp/www/'
And update your .htaccess:
AuthUserFile 'C:/wamp/www/.htpasswd'

Note: The question contains "After logging in" and the answers are not for that case.
I've ran into the same issue:
set up the authentication just as in the question
open the site in a browser
the login window pops up, I authenticate successfully
all subsequent requests result in 500
the access log shows the response was 500 but nothing in the error log
In this case the parent directory of the htpasswd file was not readable to the user running Apache. Apparently the first authentication is served using root credentials and subsequent ones (checking if the auth is still correct?) done by the user running Apache.

Apache LocationMatch authorize all subpaths PHP

We have a PHP site:
site.com
We want all subpaths from the root to require basic authentication. e.g.
site.com - no authentication required
site.com/subpath requires authentication
We have this directive:
<LocationMatch "^/.+$">
AuthName "members Only"
AuthType Basic
AuthBasicProvider file
AuthUserFile /Applications/MAMP/conf/apache/extra/auth-pass-file
Require valid-user
</LocationMatch>
However it is asking for a password when we go to http://site.com/ or http://site.com.
Can someone suggest a solution so that authorization only is asked for sub paths?

<LocationMatch "^/.*/.+$"> should work. Your LocationMatch is actually selecting everything in the root directory, you need to go one level down.

We added specific directories to check (ones that exist) and created an error redirect when people tried to fish for non-existent pages.

Because authz rules are applied not only to the actually-requested /, but also to what that expands to -- such as /index.html
You need to allow that separately, unfortunately...

Apache .htaccess - Can't access a file while trying to protect?

I am attempting to lock a file out for me only (it's a log, and I don't want users to see it).
This is my .htpasswd:
foo:bar
And this is my .htaccess:
AuthUserFile /home/kapip/public_html/.htpasswd
AuthType Basic
AuthName "This is allowed for admin purposes only"
<Files "users.log">
Require valid-user
</Files>
Even if I put in the correct password after the dialog, the dialog just flashes as if the request was sent, and then it pops up again. No matter what I put in, I can't see my file.
Some Specs
I'm on shared hosting
The .htpasswd, .htaccess, and log file are in the same directory
Even if i change users.log to users.txt, it still doesn't work
If I click "cancel" when it asks for credentials, it gives a 401 Response
Please help me! :(

Did you run htpasswd -c on your password file? It's normally a hash and not a plaintext password. Take a look at the htpasswd man page.
EDIT:
If you don't have shell access, you can create your htpasswd file using the htpasswd generator and the copy the file to your shared host. You should be able to use cPanel's FileManager.
One thing that I would suggest though: You should NOT put your htpasswd file in your public_html directory, people will be able to access it via http://your-domain/.htpasswd which is VERY BAD

.htaccess password protect directory but allow image file types

I need to password protect a directory with .htaccess, which I have successfully done. But the front end of the website was programmed to link to images within this password protected directory (not by me), but when a webpage tries to access those images it prompts the user to login.
Is it possible to password protect that directory, but allow any access to any image file type like *.jpg and *.gif?
My current .htaccess code is this:
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
Thanks for any help!

AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
<FilesMatch "\.(png|jpe?g|gif)$">
Satisfy Any
Allow from all
</FilesMatch>
Edit to incorporate Shef's improvement

You could check all the different options of configuration .htaccess gives you in the following site:
Stupid htaccess Tricks

Did you try put it inside Filematch?
<FilesMatch "^.*(png|jpe?g|gif)$">
AuthName "Secure Area"
AuthUserFile "/home/siteuser/.htpasswds/public_html/admin/passwd"
AuthType Basic
require valid-user
</FilesMatch>

What you could try is to write an image display proxy:
Keep the directory like you have it now, with password protection.
On the .htaccess on the root of the website where the images are linked, add a Rewrite rule for those image types you want. This rule should redirect the call to a PHP handler script.
That script should evaluate the path that was being requested, load the file from the filesystem, deduct its header and send that to the client using header(), followed by the image file's content echo file_get_contents()should do.
PHP is not affected by the .htaccess so it should be able to read the file you need and proxy it to the end user.

most secure way to password protect admin files/folders?

what is the most secure way to password protect admin files/folders?
im on apache/php

The most secure way is to keep it off the internet alltogether ;-)
But irony aside, I'd suggest using .htaccess. Simple and requires no programming effort from you.
http://www.htpasswdgenerator.com/apache/htaccess.html#8

An alternative to the htaccess method is to put the files that should be protected outside the web-root - somewhere where a typical HTTP request can't reach them - and have PHP relay them back to the client as needed.
This is useful in situations where you need more control over the process than Apache gives you. Like, say: if you wanted to integrate this with your PHP application's member functionality; allowing members that have already logged in access to the files while denying access to others.

Create a .htaccess and .htpasswd with one of the 10000 .htaccess generators out there and use the htpasswd included in most distros to add users to the .htpasswd.

Securing admin folder with HTTP Authentication (.htpasswd & .htaccess)
Navigate to http://aspirine.org/htpasswd_en.html to generate
username and password in an encrypted form
Eg:
username: User_name
password: Mypassword
Result will be depending upon your selected hashing algorithm
Eg.:
User_name:TX9D66ksKUR0o
Save this in “.htpasswd” file
Creating a “.htpasswd” file on your web server other than the /public_html
directory. Preferably one directory above it in the /home folder which would
store the username and password in an encrypted form for the HTTP
authentication.
Add the following code to the .htaccess file inside the /admin
folder on your server. Do not forget to put the correct path of the
.htpasswd file in the following code snippet:
AuthType Basic
AuthName "Your_Name"
AuthUserFile path-to/.htpasswd/file
Require valid-user
AuthName "Authorisation Required"
require valid-user
# IP
# order deny,allow
# deny from all
# allow from xxx.xx.xx.xxx