<!--StartFragment-->Using a UNIX program called .htaccess, you can restrict users from browsing materials on your web pages. Access to any or all of your web pages will be controlled with user/password authentication and authorization.
<p class="bodyText">Per-file control is not available. Password protection can only be applied to a directory (folder); the password will apply to all the contents of that directory.</p>
<p class="bodyText">To protect an individual file, put the file into a directory by itself.</p>
<h3 class="bodyText">Set up Password Protection</h3>
<p class="bodyText">Before setting up password protection, ITD recommends that you understand the following:</p>
<ul class="list">
<li>Telnet</li>
<li><a href="http://www.mtsu.edu/%7Eoit/oitref/pico.html">Pico</a>, a text editor on frank</li>
<li>Paths to your directories on frank</li>
<li>UNIX file <a href="/id0900b40a800d5b5d">permissions</a></li>
</ul>
<p class="bodyText">The following steps will be completed in the directory you want to protect. The steps will be repeated for each directory you wish to protect.</p>
<h4 class="bodyText">1. Create .htaccess</h4>
<ol class="oList">
<li>Login to your frank account.</li>
<li>Change to the directory (folder) which will be protected<br /> <code>frank $ cd</code> <var>directory name</var><br /></li>
<li>Create a file called ".htaccess" using pico, a text editor available on frank.<br /> <code>frank $ pico .htaccess</code> (This creates the file then opens it in pico)<br /></li>
<li>Enter the following information in your .htaccess file and save it. Frank is a case-sensitive server; copy the commands correctly.<br clear="all" /> NOTE: The value of <code>AuthName</code> cannot contain any empty spaces. If a space is needed, substitute an underscore ( _ ) character.<br /><br /> <code>AuthUserFile</code> <var>complete path to your protected subdirectory</var><code>/.htpasswd</code><br /> <code>AuthGroupFile /dev/null</code><br /> <code>AuthName</code> <var>your name, course, organization, etc...</var><br /> <code>AuthType Basic</code><br /><br /> <code><Limit GET></code><br /> <code>require user</code> <var>list authorized person(s) here</var><br /> <code></Limit></code><br /><br clear="all" /> (<kbd>Ctrl-x</kbd> exits pico; when prompted, select <kbd>Y</kbd> for save)</li>
</ol>
<h5 class="bodyText">Sample .htaccess File</h5>
<p class="bodyText"><samp>AuthUserFile /users/faculty/johndoe/public_html/classfile/.htpasswd<br /> AuthGroupFile /dev/null<br /> AuthName ProfessorSmart<br /> AuthType Basic<br /><br /> <Limit GET><br /> require user John Smith<br /> </Limit></samp><br clear="all" /><br clear="all" /> The file "classfile," located in Professor Smart's public_html folder, is available to John Smith.</p>
<h4 class="bodyText">2. Create the Password</h4>
<p class="bodyText">The following command will create the encrypted password and a hidden file named .htpasswd. <var>Username</var> refers to the person receiving your permission to access the file ("John Smith" in the above example). The names should match exactly.</p>
<p class="bodyText"><code>frank $ /usr/local/etc/httpd/support/htpasswd -c .htpasswd</code> <var>username</var></p>
<ul class="list">
<li>The program will prompt you to enter a password and a confirmation. This is the password the user must enter to get access to your web pages.</li>
<li>Remember the password is case-sensitive; if you use an uppercase character, the users must use an uppercase character.</li>
<li>The path in the above command is correct; it will not be the same as the path to your protected directory.</li>
<li><strong>NOTE:</strong> The "-c" option should only be used when creating an ".htpasswd" file for the first time. If an ".htpasswd" file already exists and a "-c" option is issued, the old ".htpasswd" will be deleted, and all previous username/password data will be removed.</li>
</ul>
<h4 class="bodyText">3. Change Permissions</h4>
<p class="bodyText">Change the permissions of the .htaccess and .htpasswd files to allow all users to read and execute them.<br /><br /> <code>frank $ chmod a+rx .htaccess</code><br /> <code>frank $ chmod a+rx .htpasswd</code></p>
<!--EndFragment-->
Webpage Password Protection