You are here

Password protect a ENCS web directory

1. Prepare your Website and Web Directory

The information about how to setup ENCS web pages can be found here.

2. Create a .htaccess File

This file should be in the same web directory that you want to protect. You have to login from one of ENCS Linux desktops or ssh to one of ENCS Unix servers, then use your favorite text editor from Linux/Unix command console to create such file (e.g. pico .htaccess). In this file, type in the following lines.

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /www/home/U/USERNAME/ProtectedWebDir/.htpasswd
Require user SOMEUSER

Where U is the first letter of the USERNAME, and SOMEUSER is the required username that you can choose to visit your protected web site. For example if you were user jsmith with web documents in the directory '/www/home/j/jsmith/protected/', and you wanted to restrict access to the required name testuser, your .htaccess file might look like:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /www/home/j/jsmith/protected/.htpasswd
Require user testuser

3. Create a .htpasswd File

You can create this file in the same directory as .htaccess by typing in the information below:

htpasswd -c .htpasswd SOMEUSER

In the example above, the username is testuser so you would type:

htpasswd -c .htpasswd testuser

You will be prompted to enter the password you want. The .htpasswd file will be created in the current directory and will contain an encrypted version of the password.

NOTE: To add a new user or modify an existing user, type: htpasswd .htpasswd anotheruser

4. Provide Proper Permissions to the two Files

You have to give proper permissions to .htaccess and .htpasswd files. Type the following command:

chmod a+r .htaccess
chmod a+r .htpasswd

5. Protect your Web Directory from Access through the Filesystem

Now that you've protected your web directory from unauthorized access from the web, you probably also want to protect its contents from being accessed by ENCS users through the filesystem.

You'll need help to do this: open a ticket (with "servicedesk@encs.concordia.ca") and ask AITS to make the directory owned by the web user, and not world-readable. The sysadmins will make the needed changes for you.

Be aware that the contents of the directory will still need to be world-readable in order to be served by the web server. If you use Windows to create new files after the directory ownership and permissions are changed, you'll also need to explicitly change permissions on newly created files to (a) add permission for the owner (that's you!) to write to the file, and (b) add permission for others to read the file.

6. View Protected Web Pages

To view your protected web pages, go to any web browser and type the following Web address:

http://users.encs.concordia.ca/~yourusername/ProtectWebDir/

Example: If you were user jsmith and your protected web directory is "/www/home/j/jsmith/protected/", you have to type:

http://users.encs.concordia.ca/~jsmith/projected/

7. Unprotect this Web Directory

To unprotect this web directory area, just delete the .htaccess and the .htpasswd files.