Protecting your webpages with a password

[id : 267] [05/12/2011] [hits : 38286]

To protect your webpages with a password to restrict access to persons to whom this password was communicated, you can use a.htaccess file.

Step 1: Create a.htaccess file

First you need to create a file .htaccess in the directory you wish to protect and add the following instructions to it:

AuthType Basic
AuthUserFile /path/to/your/passwordfile
AuthName "Restricted Pages"
require valid-user
/path/to/your/passwordfile is the name of *your* password file that is used when you logon onto the webaddress you want to protect, for example /u/username/.htpasswd
You can either create this.htaccess file directly on the server, or create it on your local computer and transfer it to the server with FTP into the directory you wish to protect.

Step 2: Add users to your password file

You will have to login onto the server with telnet or ssh to add users that are allowed to access these pages. Once you're logged on and have arrived on the menu on the system, execute the following command on the system prompt (choose ! from the menu to get to the system prompt) to add a user to an existing passwordfile.
htpasswd /path/to/your/passwordfile username
where username is the login name that users have to specify to get access to your webpage. You will then have to propose a password and confirm it.

If the file /path/to/your/passwordfile does not exist, add the -c option to the command to create the file when adding the first user, as in
htpasswd -c /path/to/your/passwordfile username

That should do it. To see if it works, simply access a document in the protected area and verify that it asks for an authentication and accepts it when you logon.
Important: We strongly advise you to choose this username different from your own NetID/username. The same goes for the password.

Peter Van Rossem -

* The instructions above work on the (Apache) webservers at the Computing Centre (homepages/student/www).

* If you use 'htpasswd' on the server to create a new passwordfile, you may have to correct the file permissions of your site through the 'MACH menu' system (section 'Manage a personal homepage'), or correct the file permissions with the 'chmod' command

chmod go+r /path/to/your/passwordfile

: :: ::: ::::