______________________________________________________________________________
WWW: Password protecting WWW pages
Q. How do I secure my WWW homepages such that only certain individuals can
access the page with the appropriate password?
A. Home page authentication is generally used in situations to protect
various user homepages from non-authorized individuals. Such pages are
protected by a password scheme which only authorized users may
authenticate to view the secured page.
For authentication to work for your homepages, you must create a seperate
directory inside of the dirctory where you keep all your restricted
homepages. Generally, that directory is /www/$user, where
$user is your account or login name. For example, a user could create
the directory /www/$user/secure where all their restricted
pages are stored.
Within the restricted directory /www/$user/secure is a file
named:
.htaccess
This file is what our server uses for securing web page directories.
The .htaccess file should be in the form:
AuthUserFile /www/$user/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
require user guest
In the .htaccess file shown above, there are a totalof five fields.
The AuthUserFile field points to the location of the password file used
for authenticating users. The actual password file used for
authenticating users is named .htpasswd and is located in the sub-
directory /www/$user, where $user is your account name or
directory.
The AuthGroupFile field points to the location of the group file,
generally used for authenticating more than one user or groups of
users. For our example, this field is not used so we specify
/dev/null to say that the field is not used.
The AuthName field is used as a "label" for the browser authentication
session, and can be set to anything you want.
The AuthType field describes the type of authentication to use and
should be set to Basic, for Basic HTTP Authentication.
The field restricts the method GET for accessing the user
page. Other possibilities of limits or restrictions can be set for
methods POST and PUT. This particular example reqires user to
enter a password before they can access your page.
Actual password authentication of pages is done through the .htpasswd
file. This file is created with the Unix htpasswd command. To create
a password entry for user , you would issue the following
command at the Unix prompt:
htpasswd -c /www/$user/.htpasswd guest
...where $user is your account name or where you store your personal
homepages. At this point, you will be presented with a password
prompt, enter the password which you would like to issue to user
. Once the command finishes, a new password entry would be
made for user in the /www/$user/.htpasswd file.
The directory /www/$user/secure and all pages contained in
it are now secured and only accessible to those who login as user
with the right password.
(02-Aug-96/wwwppwp/TL)
___________________________________________________________________________
Copyright 1996 Northwest Nexus Inc. All Rights Reserved.
This document may not be reproduced nor redistributed in any form without
express permission; contact us at support@nwnexus.net with questions.