Information Technology Division

Webpage Password Protection

Using a UNIX program called .htaccess, you can restrict users from browsing materials on your web pages. Access to any or all of your web pages will be controlled with user/password authentication and authorization.

Per-file control is not available. Password protection can only be applied to a directory (folder); the password will apply to all the contents of that directory.

To protect an individual file, put the file into a directory by itself.

Set up Password Protection

Before setting up password protection, ITD recommends that you understand the following:

  • Telnet
  • Pico, a text editor on frank
  • Paths to your directories on frank
  • UNIX file permissions

The following steps will be completed in the directory you want to protect. The steps will be repeated for each directory you wish to protect.

1. Create .htaccess

  1. Login to your frank account.
  2. Change to the directory (folder) which will be protected
    frank $ cd directory name
  3. Create a file called ".htaccess" using pico, a text editor available on frank.
    frank $ pico .htaccess (This creates the file then opens it in pico)
  4. Enter the following information in your .htaccess file and save it. Frank is a case-sensitive server; copy the commands correctly.
    NOTE: The value of AuthName cannot contain any empty spaces. If a space is needed, substitute an underscore ( _ ) character.

    AuthUserFile complete path to your protected subdirectory /.htpasswd
    AuthGroupFile /dev/null
    AuthName your name, course, organization, etc...
    AuthType Basic

    <Limit GET>
    require user list authorized person(s) here

    ( Ctrl-x exits pico; when prompted, select Y for save)
Sample .htaccess File

AuthUserFile /users/faculty/johndoe/public_html/classfile/.htpasswd
AuthGroupFile /dev/null
AuthName ProfessorSmart
AuthType Basic

<Limit GET>
require user John Smith

The file "classfile," located in Professor Smart's public_html folder, is available to John Smith.

2. Create the Password

The following command will create the encrypted password and a hidden file named .htpasswd. Username refers to the person receiving your permission to access the file ("John Smith" in the above example). The names should match exactly.

frank $ /usr/local/etc/httpd/support/htpasswd -c .htpasswd username

  • The program will prompt you to enter a password and a confirmation. This is the password the user must enter to get access to your web pages.
  • Remember the password is case-sensitive; if you use an uppercase character, the users must use an uppercase character.
  • The path in the above command is correct; it will not be the same as the path to your protected directory.
  • NOTE: The "-c" option should only be used when creating an ".htpasswd" file for the first time. If an ".htpasswd" file already exists and a "-c" option is issued, the old ".htpasswd" will be deleted, and all previous username/password data will be removed.

3. Change Permissions

Change the permissions of the .htaccess and .htpasswd files to allow all users to read and execute them.

frank $ chmod a+rx .htaccess
frank $ chmod a+rx .htpasswd