Creating Password Protected Web Pages

Steps the user has to perform

  1. Create a directory in /export/home/WWW which you wish to password protect, eg /export/home/WWW/username/secret_stuff - all users have the permissions to do this. Make this a subdirectory of your main web page.
  2. In that directory create a .htaccess file containing something like the following edited to reflect your location and users.
    AuthName 'Restricted Stuff'
    AuthType Basic
    AuthUserFile /export/home/WWW/username/secret_stuff
    require user user1 user2
    The usernames do not have to exist in the system password file, and can be any string of characters.
  3. Create a password file and allow access to user 'user1' using:
    /usr/bin/htpasswd -c /export/home/WWW/username/sercret_stuff/.htpasswd user1
  4. If required, add further users using:
    /usr/bin/htpasswd  /export/home/WWW/username/secret_stuff/.htpasswd user2
  5. Contact the system manager and ask them to perform the steps below.
  6. Now put your files in the directory and test it from various locations.

Steps the System Manager has to perform

  1. Add an entry similar to that below to /etc/httpd/conf/httpd.conf You need root privileges to do this.
    <Directory "/homeb/WWW/username/secret_stuff" >
    # Allow page to be password protected
        AllowOverride AuthConfig
    # Controls who can get stuff from this server.
        Order allow,deny
        Allow from all
  2. Restart apache, using (as root)

    apachectl restart
    Bearing in mind that people may be reading our web pages so be considerate when doing this.

Rhys Morris
Last modified: Tuesday, 15 January 2019