User Tools

Site Tools


web_pages_options

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

web_pages_options [2015/05/26 13:45] (current)
Line 1: Line 1:
 +====== Password protected web directories and other options ======
  
 +It is possible to restrict access to a part of your website. Restrictions could take the form of a password prompt, or access granted only from certain IP addresses.
 +
 +===== The .htaccess mechanism =====
 +
 +The Apache webserver has a mechanism to set options for a part of a website, by putting a file named ''​.htaccess''​ in the directory for which those options should be set.
 +
 +Note: directories inherit ''​.htaccess''​ settings from their parent directories,​ so if you have a password set on ''​~username/​secret''​ , then ''​~username/​secret/​too''​ will also be password protected, unless you place a ''​.htaccess''​ file in it which ends the protection.
 +
 +Another note: the ''​.htaccess''​ file only has effect for access through the webserver. It does nothing to restrict access for local users; use Unix filesystem permissions to achieve that goal (but: somehow you will need to make sure the webserver still has access, not an easy task! See [[linux:​ACLs]])
 +
 +===== Creating a password file =====
 +
 +Make a password file, using the command ''​htpasswd'':​
 +
 +  htpasswd -c ~/.htpasswd username
 +
 +where ''​~/​.htpasswd''​ is the file to create (can be anywhere on disk) and username is the username to use for logging in (so this has no necessary relation to your own username!). The command will prompt for a password, and then create a file with the username and the password in encrypted form. You can add multiple users by running the command again without the ''​-c''​ option (which stands for "​create"​).
 +
 +===== Sample .htaccess file =====
 +
 +Here is a sample of what to put in ''​.htaccess''​ . Of course you should include the right path to your password file (which doesn'​t have to be in the web directory).
 +
 +  AuthUserFile /​home/​user/​.htpasswd
 +  AuthGroupFile /dev/null
 +  AuthName "​Highly classified information"​
 +  AuthType Basic
 +  ​
 +  <limit GET POST>
 +  require valid-user ​
 +  </​limit>​
 +Other parts you may want to change:
 +  *  AuthName is the text displayed in the password dialog, so you can change this to something useful (in fact, the protection scheme is not suitable for highly classified information!)
 +  * In stead of ''​require valid-user''​ you can also use ''​require user username''​ with a specified username or list of usernames. This may be useful if you have one ''​.htpasswd''​ file with multiple usernames, and some users should have access to one part of the site, and other users have access to other parts.
 +
 +===== Other options =====
 +
 +The ''​.htaccess''​ file can also be used to set some options for the directory, when viewed through a web browser. The most common one is, to grant access to make a directory listing, useful when a directory is meant for downloads. The option to set is:
 +
 +  Options +Indexes
 +
 +More information about ''​.htaccess''​ files and related options can be found on-line, eg in the [[http://​httpd.apache.org/​docs/​current/​howto/​htaccess.html|Apache htaccess tutorial]]. ​
web_pages_options.txt ยท Last modified: 2015/05/26 13:45 (external edit)