Password protecting web pages

Access to a set of web pages can be restricted by Using User Authentication. A simple cookbook for setting this up is as follows:

Create a directory protected to be protected.

    mkdir public_html/protected		# create directory
    chmod go+x public_html/protected	# ensure web can access it

where "protected" is a directory name of your choice.

Create a .htaccess file in that directory. Cut and paste the following into public_html/protected/.htaccess:

    AuthUserFile /fac/u/username/public_html/protected/.htpasswd
    AuthGroupFile /dev/null
    AuthName "restricted documents"
    AuthType Basic

    <Limit GET>
    require valid-user
    </Limit>

where "username" is your username. Then properly protect the .htaccess file:

    chmod go+r public_html/protected/.htaccess

Finally, add user(s) to a .htpasswd file in that directory:
```
    touch public_html/protected/.htpasswd
    chmod go+r public_html/protected/.htpasswd
    /usr/local/apache/bin/htpasswd public_html/protected/.htpasswd george
```
htpasswd will prompt for the password for the user (in this case, george). [Note: htpasswd is currently available on the DCS faculty cluster only on athos and on the DCS research cluster only on research.]

Your protected files should then be available under the URL

   http://www.cs.rutgers.edu/~username/protected/

Note: As with all files being accessed via the web, they (and the .ht* files) must be readable by the httpd process. In general, that means the files themselves should be world readable and directories on the path to them must have the world execute bit set so that the files/directories can be opened. This implies that all users on the machine on which the files reside can read the files without restriction. If this is undesirable, special arrangements can be made to prevent this.

This page last updated January 25, 2007.