Protecting access to a web page¶

Introduction¶

This page describes how to restrict access to a web directory by using a login and password mechanism. To do this you will need to create two configuration files .htaccess and .htpasswd.

Setting up the .htaccess file¶

First of all we need to create the directory whose content we want to protect. So on the web space (/share/blanche/login/www/) we will create a new directory. Let's call it 'secret'.

cd /share/blanche/login/www/
mkdir secret

Then we have to create in this directory the file .htaccess whose content is :

<files *>
deny from all
AuthType Basic
AuthUserFile /home/LABO/login/www/secret/.htpasswd
AuthName "Acces limite"
Require valid-user
Satisfy any
</files>

The .htaccess file indicates that access to this directory is done by means of logins+passwords defined in the .htpasswd file which is also in the same directory.

Setting up the .htpasswd file¶

Now that you know where to create the .htpasswd file, how do you create it?

To create it, you need to use the htpasswd command available on the machines.

Go to the directory you want to protect.

If the .htpasswd file does not exist in the directory, the command to create the web access login "jean" is : htpasswd -c .htpasswd jean

$ htpasswd -c .htpasswd jean
New password : XXXXXXXX
Re-type new password : XXXXXXXX
Adding password for user jean

If the .htpasswd file already exists in the directory, the command to create the web access login "marc" is : htpasswd .htpasswd marc

$ htpasswd .htpasswd marc
New password : XXXXXXXX
Re-type new password : XXXXXXXX
Adding password for user marc

Do not use htpasswd -c .htpasswd marc in the second case above! If you run this command, you will create a new .htpasswd file that will overwrite the previous one and the definition of the account "jean" will disappear.