To Limit by computer address
1. Log in to your server account by SSH. You will be at the command prompt in your /home directory.
2. Change into the directory you want to restrict.
3. Create an .htaccess file by typing nano .htaccess This will open a text editor called "nano" and a new file called ".htaccess". The dot in front of the file name means it will be hidden, which makes it a tad more secure. (Actually, you could call the file anything you wish; .htaccess is simply a convention.)
4. Type the following lines as they appear below, including the spaces and case:
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 144.92. 128.104. 146.151.
</Limit>
Note that there is no space after "deny," in line 2, and there is a space between 144.92. and 128.104. and 146.151. (Be sure to include the trailing dots after these numbers.) The numbers we allowed access from are the UW IP numbers. This will allow access to only UW faculty, staff, or students.
To limit access to just a few computers, type in the IP numbers of those particular computers instead, such as
allow from 126.96.36.199 188.8.131.52
in line 4. (Don't use commas between the numbers, just spaces.)
5. Hit Ctrl-x and then y and then hit <Enter> to exit nano and save the file.
6. Set permissions on your .htaccess file by typing at the prompt chmod 644 .htaccess
To Limit by User
1. Log in to your <server> account by SSH.
2. Create the password file.
3. Determine the full directory path by typing pwd <Enter> (you will need to type this into the file you create next, so you might want to jot it down).
4. Change into the directory you want to restrict.
5. Create an .htaccess file in the directory to be protected by typing nano .htaccess This will open a text editor called "nano" and a new file called ".htaccess". The dot in front of the file name means it will be hidden, which makes it a tad more secure. (Actually, you could call the file anything you wish; .htaccess is simply a convention.)
6. Type the following lines as they appear below, including spaces and case.
<Limit GET POST PUT>
Full-path-to-the-.htpasswd-file, and name-of-the-protected-directory should be substituted appropriately.
Name-of-the-protected-directory can be substituted with anything you want really (it's what will show up in the title bar of the dialog box asking people for their login ID and password). By convention it is just the directory name.
There should be no space between the path in line 1 and /.htpasswd (or whatever you have called your password file).
"valid-user" is a command that will reference any username listed in the .htpasswd file.
You could, if you wish, restrict it to only one or several names in that file by listing the usernames themselves instead of valid-user (with a space between each) such as: require user karen bruno
7. Hit Ctrl-x and then y and <Enter> to exit nano and save the file.
8. Set permissions on your .htaccess file by typing at the prompt chmod 644 .htaccess
You can allow access to someone who is either on the Madison campus OR supplies a valid login ID and password by making use of the "satisfy" directive. This would be useful in situations where you generally want to limit access to campus, but you also want access to your website when you are out of town.
1. Follow the directions above (in "To Limit by User") to create your .htpasswd file.
2. Follow the directions above (in "To Limit by computer address") to create your .htaccess file, but substitute the following lines for the <Limit>...</Limit> lines:
order deny,allow
deny from all
allow from 144.92. 128.104. 146.151.
3. Note: there is no space between "deny," and "allow" in the first line.
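The three .htaccess variants this page describes (by computer address, by user as in "To Limit by User", and either one through "satisfy"), written out by one shell function. This is an added example, not part of the original page: write_htaccess and its MODE argument are hypothetical names, /home/karen is a constructed path, and the layout of the authentication lines (AuthUserFile, AuthName, AuthType Basic, require valid-user, satisfy any) is an assumption reconstructed from the page's description.

```shell
#!/bin/sh
# Added example: write_htaccess and its MODE argument are hypothetical names.
# MODE is address (campus only), user (login only) or either (satisfy any).
# Create the password file first with Apache's htpasswd tool, for example
#   htpasswd -c /home/karen/.htpasswd karen     (constructed path and user)
CAMPUS_NETS="144.92. 128.104. 146.151."   # UW prefixes as listed on the page

write_htaccess() {
    mode=$1 dir=$2 pwfile=${3:-} realm=${4:-}
    case $mode in
        address|user|either) ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac
    if [ "$mode" != address ]; then
        # AuthUserFile needs the full path, and per the page's guidance the
        # password file must not live under public_html.
        case $pwfile in
            */public_html|*/public_html/*)
                echo "refusing: $pwfile is inside public_html" >&2; return 1 ;;
            /*) ;;
            *) echo "password file must be a full path" >&2; return 1 ;;
        esac
    fi
    {
        if [ "$mode" != address ]; then
            printf 'AuthUserFile %s\nAuthName "%s"\nAuthType Basic\n' "$pwfile" "$realm"
        fi
        # Directives inside <Limit> apply only to the methods it names.
        printf '<Limit GET POST PUT>\n'
        if [ "$mode" != user ]; then
            printf 'order deny,allow\ndeny from all\nallow from %s\n' "$CAMPUS_NETS"
        fi
        if [ "$mode" != address ]; then
            printf 'require valid-user\n'
        fi
        printf '</Limit>\n'
        # satisfy any: pass EITHER the address check OR the login check.
        if [ "$mode" = either ]; then
            printf 'satisfy any\n'
        fi
    } > "$dir/.htaccess" || return 1
    chmod 644 "$dir/.htaccess"
}
```

On Apache 2.4 the order, deny, allow and satisfy directives are provided by mod_access_compat; the page's syntax is kept here.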
The Basic authentication scheme (the one used here) transmits passwords across the Internet unencrypted, so they could be, in theory, intercepted. For this reason (and others) it is not good practice to use student IDs as login IDs or passwords.
That being said, the username and password are as secure as any username/password system, in that end-users should not tell others their password, or write it down, or make it easily guessable. .htpasswd is a plain text file, and even though the passwords in it are encrypted, they are not completely safe against decryption, so the file should reside in your /home directory, not in your /home/public_html directory where it would be accessible to other users on the system.
Additionally, if you want to use the new Web Initial Sign On (WebISO) system, you can have your students sign on to your website using their netID. This isn't something you can do yourself, but if you want to discuss this as an option for your class website, please contact Bruno Browning at firstname.lastname@example.org.
Lastly, if security needs to be really tight, we can set your website to use Secure Sockets Layer. In this technique, we can set your website so that users authenticate securely with a certificate which they are prompted to accept. You may have seen this when accessing secure sites such as online shopping sites or your bank. If you are interested in discussing this, please contact Bruno Browning at email@example.com.
For more information on how to set up user authentication, see the NCSA Tutorial at http://hoohoo.ncsa.uiuc.edu/docs/tutorials/user.html or Apache Week's special article at http://www.apacheweek.com/features/userauth
Created by Karen Tusack (firstname.lastname@example.org)
Updated by Sara Ziemendorf.
Date Last Modified: October 19, 2004