Protecting Web Pages
Warning: The security offered by these measures is minimal. There is no way to prevent other CS users from exploiting the system and gaining access to your protected web pages.
This document explains how to use restrict web page access by passwords or IP addresses.
Create a file called
in the directory you want to secure. You can only secure an entire directory, not individual files.
Be sure to substitute the correct paths and a more descriptive
. The text following
will be placed in the password prompt box. This
file will only let people in the
file to view the web pages. If you want to limit the pages to certain people in your
file you can specify them in the
require user bbadger
This will let only bbadger view the web pages, even if the
file contains other entries. You can also limit the web pages to groups of people by creating a
my-users: bbadger other people
file defines the group
bbadger, other, and people
. You then change the
element in your
require group my-users
Now you create the
file. This file contains all valid usernames and their encrypted passwords. We create it with the
htpasswd -c </path/to/.htpasswd bbadger>
This will create the
file with an entry for
. It will also prompt you for a password. If you want to add additional users omit the
htpasswd </path/to/.htpasswd other>
Restricting By IP Address
file in the directory you want to secure. You can only secure an entire directory, not individual files.
We strongly recommend against using this restriction as it is of limited utility and assumes that network assignments will not change.
deny from all
allow from 188.8.131.52/18 184.108.40.206/19 220.127.116.11/17
This will only allow computers in the Computer Sciences department (IP = 128.105.*.*) to read the web page.
You can also restrict by domain -- the following example allows access from anywhere at the UW.
deny from all
allow from .wisc.edu