Restricting Web Page Accessibility

Local amendment of the  Web server configuration using .htaccess

In order to restrict access to the part of your web site you need to do as follows.

• Separate a portion of the web site that needs to have restricted access into a separate subdirectory or subdirectories located within your public_html directory tree.
• Create a text configuration file .htaccess that will be read by the web server. The file is listed below, the contents are case sensitive.

<Limit GET>             # known methods: GET POST PUT DELETE ...
order deny,allow        # default order is: deny,allow,require
deny from all           # deny access from all computers first
allow from .bradley.edu # allows all computers at Bradley university
allow from nn.engboi.uidaho.edu  # allows a user to browse from a particular computer
allow from .insightbb.com    # allows all users using one of a local IP providers
# comment starts with a # char and ends with the line end
</Limit>

• If you want to restrict the access to certain users you will need to do some extra work. You need to create additional password and user group files .htpasswd and .htgroup. The first one is generated by a unix program called htpasswd, and the latter one is pure text file. You also need to change the contents of the .htaccess file.
• .htaccess (text file) should look like:

AuthUserFile /home/staff/olekmali/public_html/handouts/web_limit/.htpasswd
AuthGroupFile /home/staff/olekmali/public_html/handouts/web_limit/.htgroup
# an absolute (full) path to the files is recommended
AuthName "Password prompt Text. Eg. Please enter your user ID and password for thsi Web page"
AuthType Basic
<Limit GET>
require valid-user    # require user advisors company OR require group mygroup
</Limit>

• .htpasswd (text file with some data enciripted) should look like:

olekmali:xxxyyyzzz
company:xxxzzzyyy
advisors:zzzxxxyyy

Please note that xxx is not really "xxx" but encripted password. The password can be generated by running multiple times.

Note that you need to use -c option only when you run it the first time. That option informs the program to create a new password file and disregard the old one if it exists.

htpasswd -c .htpasswd olekmali
htpasswd .htpasswd company
htpasswd .htpasswd advisors

• .htgroup (text file) could look like:

mygroup: olekmali company advisors

• Some Web servers may have .htaccess feature partially or completely disabled. Good luck!

Problems with locating htpasswd on your system?

• You can look for this program or its compiled version on your systemn. Most likely it will be located in /usr/local/etc/httpd/support/. Run it from there or copy to the directory you want to protect.
• If the program is not available there, look for it at www.apache.org/.
• If you do not want to spend too much time looking for it there, compile the enclosed C source code.
• Otherwise, if you trust me a lot, download binary file compiled for Windows