The Ohio State University
Department of Electrical & Computer Engineering
search button

Creating password-protected WWW pages

It's important to note that the username/password pairs used here are totally seperate from actual user account information. The authentication information is of your creation - you establish the username/password, and the "users" cannot change them (only you can do that, using the htpasswd command). Be certain that your users know that the username/password information you give them is seperate from their own user account information - itās only for accessing this protected data.

  1. Create a seperate directory in your ~/public_html directory, and set its permissions. This is where you'll keep your password-protected web pages. It doesn't have to be called protected-dir, but that's what we're using for this example. If you use a differenty name, be sure to use that name instead of protected-dir throughout all of this.
    mkdir ~/public_html/protected-dir
    chmod o+rx ~/public_html/protected-dir
  2. Create the files .htaccess and .htpasswd inside the new directory
    touch ~/public_html/protected-dir/.htaccess
    touch ~/public_html/protected-dir/.htpasswd

    The .htpasswd file contains the username/password data for your protected directory.
    The .htaccess file defines the kind of protection, and tells the server where your .htpasswd file is.

  3. Set file protections for the files. Both the file must be accessible by the www user, a non-privved account that the WWW server runs as.
    chmod o+r ~/public_html/protected-dir/.htaccess
    chmod o+r ~/public_html/protected-dir/.htpasswd
  4. add user(s) to the .htpasswd file:
    htpasswd ~/public_html/protected-dir/.htpasswd user

    Youāll be prompted for a password for the user. Repeat as needed for as many user names as you need.

  5. edit the .htacess file (with, for example, pico or emacs) so that it looks like the following chunk of code. Substitute the result of "echo $HOME" for FULL-PATH-TO-HOME-DIR, and substitute the usernames you entered in the previous step for user1, user2, etc.:
    AuthUserFile FULL-PATH-TO-HOME-DIR/public_html/protected-dir/.htpasswd
    AuthGroupFile /dev/null
    AuthName ByPassword
    AuthType Basic
        <Limit GET>
        require user user1
        require user user2
        [...]
    </Limit>
  6. Now you can put your web pages inside protected-dir, and anyone who tries to access them via the WWW will have to enter a valid username/passwd before the pages appear. The URL for your protected pages will be:
    http://www.ece.osu.edu/~username/protected-dir/

    Where username is your username. The above URL will look for a file called index.html in your protected directory. For other filenames, append the filename to the above URL. Of course, you need to make sure that all the files still have proper permissions for local file access:

    chmod o+r ~/public_html/protected-dir/*
  7. You're done!

 

 
Department of Electrical & Computer Engineering Contact Webmaster
Site Map