Protected Directory login is not working. Returns 403 forbidden

I have created the directory and a user ( to access it. The user has access to the protected directory (public_html\public) within the user configuration. There are .htaccess and .htpasswd in the protected folder root. I have rebooted webmin and apache using the console. I cannot login. I get a 403 error. I’ve tried both ‘’ and ‘public’ as login names. Neither work. The .htpasswd has an entry for ' What am I doing wrong?!

update: logging in with the correct credentials takes you straight to a 403, but putting in the wrong password will re-prompt a few times before 403 occurs.

update: Also updated passwords on user, verified the .htpasswd changed, but still could not log in and got the 403 forbidden notice. Creating an additional user with htpasswd writes the new user to the file, but the password is clearly encrypted differently than the one created by Virtualmin. Not sure if that is an issue.

update: created a folder ‘public’ within the other public folder (public_html\public\public) and tested with the same results.

OS type and version Debian 10.8 AWS
Webmin version 1.994
Virtualmin version 7.1-1
Related packages -minimal with mail services disabled


The password hashing format is irrelevant to the problem.

I would suggest to try to use for a username a simple alphanumeric string (a-z0-9), without special chars.

Also, check for those backslashes you specify on the path in your question – those are not used in Linux.

… and of course check the logs, like - Logs and Reports ⇾ Apache Error Log page.

Thanks. Yes, the paths were just for illustration. I have to jump between win/nix a lot. I will check into these suggestions and give it another shot.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.