Securing Web Directories

By default, documents you make available on the Computer Science web server, http://students.cs.tamu.edu/, are readable by anyone with access to the World Wide Web, which means that many, many people can view your pages. In some cases, you may want to restrict access to your pages. To help solve this problem the department allows you to limit access to your files based on a username & password pair.

Note that this username and password are completely separate from the CS department’s account, and must be maintained by you. Further more, the usernames and password are sent as plain text (not encrypted) over the network, and are therefore susceptible to network eavesdroppers. This method is not very secure and should not be used to protect very sensitive data.

Step 1) Create the .htaccess file.

1. Login into sun.cs.tamu.edu (or any other of the department’s unix servers) using Putty.
   
   
2. Move into the directory you want protected such as,
   
   

   % cd web_home/my_protected_directory/

   
   
3. Create a file using Pico, emacs, or vi as follows:
   
   

   AuthType Basic AuthName "My Protected Area" AuthUserFile /user/<your_username_here>/web_home.pass Require valid-user

   
   

   Note if you want to password protect every thing in your website place this file just inside the web_home directory.

Step 2) Create the web_home.pass file.

1. Assuming your are already logged sun.cs.tamu.edu (or any other of the department’s unix servers) as described above use the htpasswd command to create a password file.
   
   

   % htpasswd −c /user/<your_username_here>/web_home.pass <your_username>

   
   
   
2. The command will then ask you for a password and again to confirm it.
   
   
3. To add more username and password pairs just use the same command above but without the −c option.

More Information?

For more information on .htaccess files see the apache documentation at http://httpd.apache.org/docs/howto/htaccess.html
To Top of Page