Restricting access to www directories

It is possible to restrict access to directories accessible via the www.

Reasons why you shouldn't bother:

If you're making it available via the WWW, you want people to see it.
The password file you need to create will have to reside in your home directory and be world readable, meaning anyone at FIU can see the contents.
If you have a large number of people, then you either need to maintain a large password database, which can be very messy, or have one or two accounts and you tell the people you want to have access what the password is. Since they can tell anyone else, and if you change it you need to notify a large number, this somewhat defeats the purpose of having a password.
The FIU main www server is not designed to be a secure server, meaning that there is no additional encryption done when passwords are sent across the network, which is inherently dangerous since the text could be intercepted in transit.

Ok, so how can I restrict access to certain directories?

Put the files in a directory a couple of levels below your www directory.
Don't make the directory world readable, only executable (hides it from the FIU search engine)
Don't provide links to it from other pages. Only tell the people who you want to access it where it is.
Only make it accessible (change the permissions) for a certain period of time.

But I want to password protect my files!

You have been warned...

How it works: When somebody using Netscape tries to access your www directory, the server looks for a file called .htaccess in that directory. If it doesn't find it, then it looks for the file index.html and sends it over the Internet. If it does find it, this file will determine how access is provided to the files in this directory. It will then check for a password file specified in the .htaccess file and verify the username and password from that.

The password file you create is NOT the same as the FIU unix password file

The following example presumes you want to protect your www directory, though it can be done to any directory below www too.

in your home directory, create a new file called .htpasswd containing the first username you want to enter. You need to know what your full path is. Type pwd at your prompt. When you run the command below, you will be prompted twice for the password for this username. For this example, the person the username will be robert.

htpasswd -c /home/grads/jstude01/.htpasswd robert

The contents of the file will look like this:

robert:Ax87fhg6x8ah

which is the username followed by a colon and the encrypted password

cd to your www directory
cd ~/www

create a file called .htaccess in the directory you want to protect. This file will contain a pointer to the password file you created above, in addition to any other limitations you want to create, such as based on domain or IP address. In this example, the user's home directory is /home/grads/jstude01. The file should look like this:

AuthUserFile /home/grads/jstude01/.htpasswd AuthGroupFile /dev/null AuthName ByPassword AuthType Basic <Limit GET> require user robert </Limit>

Both the .htpasswd and the .htaccess files need to be world-readable in order for the web server to see them correctly.

chmod a+r ~/.htpasswd chmod a+r ~/www/.htaccess

If you want to later add additional usernames/passwords, use the command

htpasswd /home/grads/jstude01/.htpasswd username

maintained by wsg_support