WebAccessControl < IT

---+ Web Access Control

Any set of page(s) can be protected by a simple password by using an <code>.htaccess</code> file. This file should be placed in the directory containing the files or directories that need to be protected. For example:

<verbatim>
order deny,allow
deny from all
allow from 194.36.1

~AuthType Basic

~AuthUserFile /data/www01/somearea/htpasswd.users
~AuthName "Internal User"
require valid-user
satisfy any

<Files htpasswd.users>
deny from all
satisfy all
</Files>

Options All
</verbatim>

In this example any user from the subnet <code>194.36.1.x</code> is allowed access to the file(s) or directories in the directory where the <code>.htaccess</code> file is placed. If any user not within the <code>194.36.1.x</code> subnet tries to browse this area then they will receive a dialog box entitled Internal User asking for a username and password. If the user name and password matches one in the file <code>/data/www01/somearea/htpasswd.users</code> then the user will be allowed to view the web pages.

Notice that the <code>/data/www01/somearea/htpasswd.users</code> in this example is assumed to be in the same directory as the <code>.htaccess</code> file such that the <code>.htaccess</code> protects the <code>htpasswd.users</code> file. The <code>htpasswd.users</code> can be created with the LINUX command htpasswd. This command is available on all LINUX desktops. When generating this file, DO NOT pick a user name which suggests users should use their LINUX username and password. The username and password exchanged during authentication is not encrypted, and therefore could be sniffed.



-- Main.AndrewPickford - 25 Jan 2009
This topic: IT > WebHome > WebAccessControl
Topic revision: r1 - 2009-01-25 - AndrewPickford