Protecting access to a web page¶
Introduction¶
This page describes how to restrict access to a web directory by using a login and password mechanism. To do this you will need to create two configuration files .htaccess and .htpasswd.
Setting up the .htaccess file¶
First of all we need to create the directory whose content we want to protect. So on the web space (/share/blanche/login/www/) we will create a new directory. Let's call it 'secret'.
cd /share/blanche/login/www/
mkdir secret
Then we have to create in this directory the file .htaccess whose content is :
<files *>
deny from all
AuthType Basic
AuthUserFile /home/LABO/login/www/secret/.htpasswd
AuthName "Acces limite"
Require valid-user
Satisfy any
</files>
The .htaccess file indicates that access to this directory is done by means of logins+passwords defined in the .htpasswd file which is also in the same directory.
Setting up the .htpasswd file¶
Now that you know where to create the .htpasswd file, how do you create it?
To create it, you need to use the htpasswd
command available on the machines.
Go to the directory you want to protect.
If the .htpasswd file does not exist in the directory, the command to create the web access login "jean" is : htpasswd -c .htpasswd jean
$ htpasswd -c .htpasswd jean
New password : XXXXXXXX
Re-type new password : XXXXXXXX
Adding password for user jean
If the .htpasswd file already exists in the directory, the command to create the web access login "marc" is : htpasswd .htpasswd marc
$ htpasswd .htpasswd marc
New password : XXXXXXXX
Re-type new password : XXXXXXXX
Adding password for user marc
Do not use htpasswd -c .htpasswd marc
in the second case above! If you run this command, you will create a new .htpasswd file that will overwrite the previous one and the definition of the account "jean" will disappear.