You are here

How can I set password control or access control on my webpages?

  1. To enable password protection for your webpage,  you will need to generate a .htpasswd file. You may search online to find htpasswd generator (e.g. http://www.htpasswdgenerator.net/ or http://www.htaccesstools.com/htpasswd-generator/) to create a .htaccess file that will password protect your site or a directory. 
  2. In the online htpasswd generator, enter username and password and an entry for a htpasswd file is generated. You can then copy and paste the entry to the .htpassword file. Remember to use new line for each new entry.

Example: 

otto:38hi3sylap
billgate:v8302icd92
 
where otto and billgate are two authorized users' names (their corresponding passwords are encrypted). You can delete either one or both of the lines to remove the user(s) from the authorized user list (i.e. the password file). 
  1. When the .htaccess file is ready, use SFTP to upload the password file to your home directory.
  2. To put web page access control into effect:

    Create a file called .htaccess in the directory under which the files and its sub-directories are to be accessible only by the authorized users specified in the User Password file discussed above.

    Example 1

    Suppose the full path name of the passwordFile is /user3/otto/courseUsers and the full path name of the directory of the web page files which require access control is /user3/otto/dir1/.

    The file /user3/otto/dir1/.htaccess should be created and it should contain:

    AuthUserFile /user3/otto/courseUsers
    AuthName HKU
    AuthType Basic
    require valid-user

    Make sure that the full path of the passwordFile is specified in the .htaccess file.

    Please note that the keywords AuthUserFile, AuthName, AuthType and require, and their assigned values must be on the same line. The value valid-user specifies all users in the password file.

    Also, change the permission of the file .htaccess so that it can be read by others using the following command:

    chmod 644 .htaccess

    When a user views a web page file under the directory /user3/otto/dir1/, the web server will authenticate the user's access to the web page by means of his username and password in the password file /user3/otto/courseUsers.

    Example 2

    The file /user3/otto/dir2/.htaccess contains

    AuthUserFile /user3/otto/courseUsers
    AuthName HKU
    AuthType Basic
    require user apple otto

    Please note that the keywords AuthUserFile, AuthName, AuthType and require, and their assigned values must be on the same line. The line "require user apple otto" specifies that only the user apple and otto can access the directory even the password file '/user3/otto/courseUseres' contains other users.

 


Note:

  • If a user browses a web page which is set up with access control by means of username, a login window will come up and the user will be asked to type in his access-control username and password. Only authorized users can gain access to such restricted pages.
  • Access control applies to the directory which contains the file .htaccess and all its files and sub-directories. If you want to set up controlled access function for the web pages in another tree of directories, you need to copy the file .htaccess to the parent directory of that sub-tree of directories. However, only a single passwordFile is required for the same group of authorized users.
Service Category: