ISS Help Desk - Password Protecting Acad Web Pages Using htaccess

Sign Up For: Virus Alerts | ISS News Alerts

Password Protecting Acad Web Pages Using htaccess

Posted: 10: 37 AM, Monday, Feb 10, 2003
Last Updated: 7:00 PM, Tuesday, June 30, 2009

This document contains the basics for password protecting your web pages using htaccess. At the moment, this works only on Acad web pages.

Password protecting web pages with htaccess is a two step process:

Creating the User and Password File
Configuring the .htaccess file

Related Help Desk Links

- Quick Guide to UNIX
- Quick Guide to Pico
- Acad UNIX Shell Account (SSH)
- Setting up Acad Account for Web Pages

External Links

- All You'll Ever Need To Know About htaccess - from iPlanet
Note: External sites are not endorsed by GW or the Help Desk.

Before You Begin

You must...

... be GW Faculty, Staff, or Student and have an Acad (UNIX) account
... have a web site created containing your web pages/files that you want to password protect. If you have not already done so, please visit the Account Center for an Acad Account and the Web Pages and UNIX section of the Online Manuals to get started with your web page.
... be connected to Acad (host name: acad.gwu.edu) via SSH. Please see the SSH section for details.

1. Creating the User and Password File
NOTE: Since we are on a UNIX system, the commands, usernames and passwords here are case sensitive. So be sure to use the proper case.
`1.1`	The file that contains the users and their passwords, should be placed outside the `public_html` directory and in your home or root directory. To ensure this, type this UNIX command at the UNIX prompt: `cd` and press enter. This will return you to your home or root directory on Acad.
`1.2`	The command to create the user-password file follows this general format: `htpasswd` `-c` `user_password_file` `user` Here is what this line means: `htpasswd` - starts the password creation program `-c` - the -c (pronounced "minus c") option is used to `create` a new password file (use only when creating a new password file. If file exists, leave the -c option out). `user_password_file` - this is the file where your user and password combinations are stored. You can name this file anything you like. `user` - this is the login your site visitor(s) will have to enter (along with the corresponding password you set) to gain access to the password protected sections of your web site. Example: I am going to add `ithelp` as a user, and call my user-password file, `secret_word` (Of course, you may use any name for your user-password file). For this, I will have to use the following command: `htpasswd` `-c` `secret_word` `ithelp` After I press enter, I am then asked to enter a password (twice) for the user `ithelp`. Next, the user-password file will be created and I'll be prompted `Adding Password For User ithelp`.
`1.3`	Next, set file permissions for this file by issuing this command at the UNIX prompt: `chmod 644` `secret_word` This is a one time process: You don't have to issue this command every time you add a user. The permissions remain until you change them. Now, that we've successfully created a file with the user and his/her corresponding password, we are ready to configure the `.htaccess` file.

2. Configuring the .htaccess file
NOTE: Since we are on a UNIX system, the commands, usernames and passwords here are case sensitive. So be sure to use the proper case. The `.htaccess` (pronounced "dot h t access") file tells the web server which directory is password protected and where to look for usernames and passwords on your Acad account. The dot in front of the file is required. The `.htaccess` file should be placed in the directory that you want password protected, which may be the `public_html` directory or any of its sub directories. We are going to create the `.htaccess` file using `Pico`, a UNIX based text editor. You may also use `vi` or `emacs` or any other editor you are comfortable with. The `.htaccess` file has to be placed inside the directory that you want to password protect.
`2.1`	Say you want to protect your `photos` directory, which is a sub directory of `public_html`. First we will change directory to the photos directory using the following two commands: `cd` this returns you to your home or root directory on Acad `cd public_html/photos/` changes your directory to `photos` inside your public_html directory.
`2.2`	Once inside the photos directory, we will create the .htaccess file using this UNIX command: `pico -z -w .htaccess` This uses Pico to start a text file `.htaccess` without wrapping (the `-z -w` part) as we don't want text wrapping. The general format of the `.htaccess` file is as follows (generally, 7 lines): `AuthUserFile /export/home/users/i/t/ithelp/secret_word` `AuthName "Welcome To My Home Page"` `AuthType Basic` `<Limit GET POST> require valid-user </Limit>` `First Line:` Tells the web server where the password file we created in `1` (above) is located. Notice the `/export/home/users/i/t/ithelp/secret_word` text. You need to obtain this for your own Acad account by using the `pwd` command at the UNIX prompt. The text in green is based on the your GWMail login name - the first two letters, followed by your entire GWMail login name. So, for example, if your login name on GWMail (and therefore, Acad) is `edwin`, use `/e/d/edwin/`. If your username is `ithelp`, use `/i/t/ithelp/`, if your username is `janedoe`, use `/j/a/janedoe/`. `Second Line:` Use this to display a brief message to those visiting your site. Be sure to enclose the message in double quotes. `Third, Fourth (Blank line), Fifth, Sixth, and Seventh Lines:` Take our word on these (-: Now, go ahead and type the above lines in.
`2.3`	Once you are done with the contents of your `.htaccess` file, press `Ctrl-x` to save and exit your `.htaccess` file. You will return to the Acad UNIX prompt.
`2.4`	Next, we'll set file permissions for `.htaccess` file to 644 using this UNIX command: `chmod 644 .htaccess`
`2.5`	Now, go to `http://home.gwu.edu/~your_username/protected_directory/` and you will be prompted for your user name and password you created in step 1 above. In my case, I would have to go to `http://home.gwu.edu/~ithelp/photos/` .


Support & Contact Info: Help Desk: (202) 994-5530 EAS Help Desk: (202) 994-5530, option 4 System Status: (202) 994-5530, option 3 Support: ITHelp Request Suggestions: suggest@gwu.edu		Help Desk Hours: Monday-Friday: 7:00AM - 10:00PM 44983 Knoll Square, Bldg II, Suite 351 Ashburn, VA 20147 ITS Fax: (202) 994-0101 Help Desk Fax: (703) 726-4111

Before You Begin

1. Creating the User and Password File

2. Configuring the .htaccess file