Htaccess is available on the Webadmin server for securing access to folders within your web site. There is a PDF totorial describing this on the OIT Site: How to Password Protect a Web Directory. There’s one for personal web sites (people.umass.edu/xxxxxx, or courses.umass.edu/xxxxxx), and one for departmental web sites (www.umass.edu/xxxxxx). The instructions are the same, but the locations of your files are different in those two scenarios, so we describe it in each of those contexts.
The general steps are:
- Create the directory you want to be secure, if it doesn’t already exist.
- Create a file called .htaccess in that directory, with the contents as described in the linked article.
- This file must contain specific information that you have to supply.
- You can start by pasting the information from the PDF file into the text editor nano, on Webadmin, but then you will have to fill in the changes, as described in the handout.
- Use the htpasswd command as described in the handout to create the .htpasswd file with the usernames and encrypted passwords.
- Some tips:
- The .htaccess file has a line that identifies the path to the .htpasswd file. this must be correct. It’s normally the only thing you have to change in the .htaccess file.
- Both the .htaccess file, and the .htpasswd file, have to be readable by all.
- The directories containing those files also have to be readable by all.
There are a lot of details to this. Usually, after following the steps in the tutorial, I try going to the secured location in my browser, and it doesn’t work. I check out the points in those tips, and I’ve usually forgotten one of those.
