Password Protecting Your Web Pages

Scope
This page is intended to give MacCoss lab members instructions for how to limit access to their web pages. It assumes a basic understanding of Linux.

Background
On the new maccossweb computer, everyone has a directory called 'public_html' in their home directory. All the files, symbolic links, and sub-directories in public_html can be viewed from the web. You may not want all of your data to be visible to the whole world in which case you can password-protect (i.e. require a username and password to view) some files.

Password protection is done at the directory level, not on a per-file basis. If you have a directory ~/public_html/protected-data/ with several DTASelect.html pages in it, you can require a valid user name and password to see any of those files. If you want some files not to require a password, they must be put in a different directory.

In addition, all sub-directories are protected. So in the above case, the file ~/public_html/protected-data/more-files/DTA-stuff.html will also require a password.

InstructionsHere's how you do it.

  1. Start in your home directory. Choose a username and password, for this example joe and schmo. Run this command
    $ htpasswd -c .htpasswd joe
    Type schmo when prompted for the password and then again when prompted to re-enter the password.
  2. Make sure you know the location of your home directory. If you're not sure, try
    $ pwd
  3. Move to the directory you wish to protect. Create a file called .htaccess with these lines in it.
    AuthType Basic AuthName "some name" AuthUserFile /net/maccoss/vol?/username/.htpasswd Require user joe You can replace "some name" with a description of the directory. It will appear in the dialog box prompting you for a password saying something like Enter username and password for "some name" at http://maccossweb.gs.washington.edu. Make sure the path after AuthUserFile is your home directory as found in step 2.
  4. That's it! Now test it by opening a browser and entering the URL for any page in the directory. Remember that public_html can be seen from http://maccoss.gs.washington.edu/~user where user is your username.
  5. If you want to protect a different directory with the same username and password, you only need to repeat step 3. In fact, you can just copy the .htaccess file to another directory to set up password protection there.
    If you want to use a different name, say joline, simply replace joe with joline in .htaccess. Then go back to your home directory and run this
    $ htpasswd .htpasswd joline After entering the password (twice) it should say "Adding password for user joline"
  6. As we have it set up, only one username and password works for each directory. You can add more users by repeating step 5 and then adding their usernames to .htaccess. Our .htaccess files now might look like this
    AuthType Basic AuthName "some name" AuthUserFile /net/maccoss/vol?/username/.htpasswd Require joe joline