fsu seal Florida State University
Systems - Webmail - Web Support - UCS Home


 

UCS > Online help

Info for New Students

Secure Shell Help
Setup SSH

eMail

Listserve

Info for New Web Sites
Building a site
Intro to FSU's web
Publishing to the web

UNIX Operating System
Lynx:Text-only Webbrowser

FSU Computing

Policies
Data Management
and Security
Guide to Computing

University Computing Services

Password Protecting your Webpages

You can use .htaccess and .htpasswd to prevent your web pages from being viewed by unauthorized web users.

Web documents can be protected on a directory-by-directory basis. All files in a directory have the same restrictions. Access is controlled by a file named .htaccess that must reside in the directory that is being protected. The NCSA HTTPD Mosaic User Authentication Tutorial is a straightforward guide to configuring your server's security.

For example, to restrict access so that any users connecting from the fsu.edu domain can load the files, create a .htaccess file that looks like 

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName AllowFromFSU
AuthType Basic

<Limit GET POST PUT>
order deny,allow
deny from all
allow from .fsu.edu
</Limit>

To password protect a directory so that only the user "pumpkin" can load the files, use something like 

AuthUserFile /otherdir/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

<Limit GET POST PUT>
require user pumpkin
</Limit>

The username "pumpkin" and password will be in the file /otherdir/.htpasswd, and the full Unix path to .htpasswd must be provided.

To password protect a directory so that only users listed in .htpasswd can load the files, use 

AuthUserFile /otherdir/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

<Limit GET POST PUT>
require valid-user
</Limit>

Passwords can be created with the htpasswd utility that is provided with the web server software. On Mailer and Garnet, it is stored in the directory /usr/local/etc/httpd/support. You can create a pasword file for the user "pumpkin" with the command 

/usr/local/etc/httpd/support/htpasswd -c /otherdir/.htpasswd pumpkin
or add a new user with 
/usr/local/etc/httpd/support/htpasswd /otherdir/.htpasswd  username

The .htpasswd file must be readable by "other users", so put it out of the web server directory.

Non-UCS servers running NCSA or Apache web software should have the same capabilities for limiting access. Ask the system administrator about how to access the htpasswd program. Further information is provided at NCSA's and Apache's websites.

***** If you need additional help, please see our list of help resources. Please NOTE: The Technology Services Help Desk will NOT help students with websites related to coursework.

© University Computing Services, Office of Technology Integration 200 Sliger Building, 2035 East Paul Dirac Drive
Florida State University, Tallahassee, FL 32306 | 850/644-2591
Comments & broken link reports to webmaster