HomeSILS IT ServicesUsing SILS Servers

Password Protecting Web Pages Manually

If you're familiar with working in a Unix shell environment, you can probably do this by working your way through the quick reference below. If you are doing this for the first time or want more detailed instructions, jump to detailed instructions below. If you need to learn more about the Unix shell environment, you can try ITS's tutorial on basic Unix.

You can also bypass the manual procedure of password-protecting your Ruby webspace and instead use the handy-dandy password script for Ruby that a thoughtful SILS student created.

Quick reference

  1. create a to-be-protected directory (hereafter known as protectme ) off your current html directory (hereafter known as public_html)

  2. create a password file by typing the following at the prompt:

    htpasswd -c /path/to/public_html/protectme/.htpasswd username

    using your values for public_html, protectme, and username. Enter the full path to your new directory, complete with the trailing slash. Enter a password twice.

  3. create a file called .htaccess (note the dot) and make it look like this:

    AuthUserFile /path/to/public_html/protectme/.htpasswd
    AuthGroupFile /dev/null
    AuthName "Restricted Directory"
    AuthType Basic
    require user username

  4. chmod 755 everything you just created (the new directory, the .htpasswd and .htaccess files).

 Detailed instructions

These instructions use public_html as an example of a base HTML directory and protectme as a directory that will be password protected within public_html.

  1. Find the full path to the public_html directory. These instructions will refer to the path as /path/to/ , but you will need to replace /path/to/ with the correct path to your HTML directory. If you are not sure what that path is, go to your public_html directory and type pwd (stands for print working directory) at the command prompt; it will print out your full path.

  2. Create a subdirectory within your public_html directory, and place all of the files you want to have password protected within it. Use the command mkdir protectme , where protectme is the name of the directory you wish to create. Then move the HTML files you wish to protect into that directory using the command mv filename protectme , where filename is the name of the file you are moving, and protectme is your directory name. Repeat this last step to move all the files you wish to protect.

  3. Next, you'll need to create an .htpasswd file to contain the login name and the password used by that login name. This is done by using the htpasswd program on the server:

    • Type the following, all on one line, replacing the path, public_html, protectme, and username with your actual values for those things. Replace username with the login name you want to require (it can be any combination of letters or numbers, but no spaces):

      htpasswd -c /path/to/public_html/protectme/.htpasswd username

      If the words you're typing run off the screen, that's okay.

    • You will see a prompt like this:

      New password:

      Enter the password you want users to use with the login name you created. You won't see it on the screen when you type it in. You'll then need to enter the same password again--it prompts twice to check for spelling errors. After this, the .htpasswd file has been created.

  4. Create a file called .htaccess (note the period in the filename) to provide the password protection. Change into the newly created directory by typing cd protectme , replacing protectme with the actual name of your directory, and create a new file called .htaccess with the following command:

    nano .htaccess

    Put the following lines into this file, then edit them according to the notes below:

    AuthUserFile /path/to/public_html/protectme/.htpasswd AuthGroupFile /dev/null AuthName "Restricted Directory" AuthType Basic require user username

    Notes

    • Replace the path and directory names with your actual path and directory names.

    • public_html can contain a nested directory, e.g. classes/coursename.

    • You may replace "Restricted Directory" with the name of your choice; the user sees this name in the password dialogue box in the browser (keep the name inside the quotation marks).

    • Username is the login name you chose above when you created your .htpasswd file.

    • Make sure that each of the five lines of the file are on a single line in your .htaccess file.

    • Save your file by typing control-o , enter (to save it as .htaccess), then control-x to exit nano.

  5. Finally, to make the files work, you need to set their permissions properly. From within the directory you are protecting (you should still be there), type the following commands, hitting enter after each one:

    chmod 755 .ht* cd ..chmod 755 protectme

    Replace protectme with the name of the directory you are protecting. Check a page in the protected directory from a Web browser, and you should be prompted for a login and password.

  6. If you are having problems, make sure that both the .htaccess and .htpasswd files are located inside the directory you want to password protect. Make sure that the first line in the .htaccess file (after AuthUserFile) has the correct path to the .htpasswd file. You can see [ http://www.apacheweek.com/features/userauth ] Apache's tutorial on user authentication for more detailed instructions and to troubleshoot more complicated problems.