protect web sites with a password

It is possible to protect subdirectories of public_html with a password against undesirable reading access from the web. This is, indeeed, just a weak protection, because every user with a rcs-login can read the page. But it is suitable in order to make low security data accesible for just a specific group of users.

The following example will explain the setup of a password protected directory:

Let the target directory be:

/home/fs2/v9/testuser/public_html/sec

Thus, following user information should be replaced:
 

  • Login: testuser
  • Home directory: /home/fs2/v9/testuser
  • Directory to protect: sec


Create a file /home/fs2/v9/testuser/public_html/sec/.htaccess with the following content:

AuthName   Test
AuthType   Basic
AuthUserFile   /home/fs2/v9/testuser/public_html/sec/.htpasswd
require   valid-user

The file .htpasswd containing permitted users and their appropriate passwords is created as follows:
 

  • Login as a testuser (replace testuser with your desired login) on a login server via slogin.
  • Via

    /usr/sbin/htpasswd2   -c   /home/fs2/v9/testuser/public_html/sec/.htpasswd   otto

    a file will be created and the first permitted user (otto) and his password (will be requested) will be registered.
  • Every further user has to be registered with

    /usr/sbin/htpasswd2   /home/fs2/v9/testuser/public_html/sec/.htpasswd   otto1

    If otto1 already exists, you can also change his password with this procedure.
  • Finally replace the matching files:

    chmod   644   /home/fs2/v9/testuser/public_html/sec/.htpasswd
    chmod   644   /home/fs2/v9/testuser/public_html/sec/.htaccess
  • Now, you can test the password protected access by requesting http://wwwpub.zih.tu-dresden.de/~testuser/sec/ with a browser.
     

About this page

ZIH Web
Last modified: Oct 25, 2019
Page Actions