r3 - 02 Aug 2011 - 21:21:21 - DavidParter

Protecting Web Pages

Warning: The security offered by these measures is minimal. There is no way to prevent other CS users from exploiting the system and gaining access to your protected web pages.

This document explains how to restrict web page access by password or by IP address.

Password Protection

Create a file called .htaccess in the directory you want to secure. You can only secure an entire directory, not individual files.

   AuthUserFile /path/to/.htpasswd
   AuthGroupFile /path/to/.htgroup
   AuthName "Foobar"
   AuthType Basic
   <Limit GET>
   require valid-user
   </Limit>

Be sure to substitute the correct paths and a more descriptive AuthName. The text following AuthName will be placed in the password prompt box. This .htaccess file will only let people listed in the .htpasswd file view the web pages. If you want to limit the pages to certain people in your .htpasswd file, you can specify them in the Limit element:

   <Limit GET>
   require user bbadger
   </Limit>

This will let only bbadger view the web pages, even if the .htpasswd file contains other entries. You can also limit the web pages to groups of people by creating a .htgroup file.

   my-users: bbadger other people

This .htgroup file defines the group my-users to contain bbadger, other, and people. You then change the Limit element in your .htaccess file:

   <Limit GET>
   require group my-users
   </Limit>

Now you create the .htpasswd file. This file contains all valid usernames and their encrypted passwords. We create it with the htpasswd program:

    htpasswd -c /path/to/.htpasswd bbadger

This will create the .htpasswd file with an entry for bbadger. It will also prompt you for a password. If you want to add additional users, omit the -c flag:

    htpasswd /path/to/.htpasswd other

Restricting By IP Address

Create a .htaccess file in the directory you want to secure. You can only secure an entire directory, not individual files.

We strongly recommend against using this restriction as it is of limited utility and assumes that network assignments will not change.

   <Limit GET>
   order deny,allow
   deny from all
   allow from 128.105.0.0/18 128.105.96.0/19 128.105.128.0/17
   </Limit>

This will only allow computers in the Computer Sciences department (IP = 128.105.*.*) to read the web page.

You can also restrict by domain -- the following example allows access from anywhere at the UW.

   <Limit GET>
   order deny,allow
   deny from all
   allow from .wisc.edu
   </Limit>
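
Apache applies directives placed inside <Limit GET> only to GET (and HEAD) requests; requests that use any other method are not subject to them. The Python check below is an added example, not part of the original page: it scans .htaccess text and reports access rules that are scoped to particular methods. The function name audit_htaccess and both sample inputs are constructed for illustration.

```python
import re

# Directives whose effect is narrowed when placed inside <Limit>/<LimitExcept>.
ACCESS_DIRECTIVES = {"require", "allow", "deny", "order"}
OPEN = re.compile(r"<\s*(Limit|LimitExcept)\s+([^>]*)>", re.I)
CLOSE = re.compile(r"</\s*(Limit|LimitExcept)\s*>", re.I)

def audit_htaccess(text):
    """Return (line_no, directive, note) for rules that cover only some HTTP methods."""
    findings, scope = [], None  # scope None: the rule applies to every method
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            methods = {m.upper() for m in opened.group(2).split()}
            if "GET" in methods:
                methods.add("HEAD")  # Apache handles HEAD together with GET here
            scope = (opened.group(1).lower(), ", ".join(sorted(methods)))
        elif CLOSE.match(line):
            scope = None
        elif scope and line.split()[0].lower() in ACCESS_DIRECTIVES:
            kind, methods = scope
            note = ("enforced only for " if kind == "limit" else "not enforced for ") + methods
            findings.append((no, line, note))
    return findings

# Constructed sample: the password-protection file shown on this page.
PAGE_EXAMPLE = """\
AuthUserFile /path/to/.htpasswd
AuthGroupFile /path/to/.htgroup
AuthName "Foobar"
AuthType Basic
<Limit GET>
require valid-user
</Limit>
"""

# Constructed sample: the same rule outside <Limit>, so it covers every method.
ALL_METHODS = PAGE_EXAMPLE.replace("<Limit GET>\n", "").replace("</Limit>\n", "")

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, ALL_METHODS):
        print(audit_htaccess(sample) or "no method-scoped access rules")
```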