Password Protect Web Pages

Audience:
Topics:

Password Protecting a Directory on Artsci

Sometimes it is useful to restrict access to some subset of the pages on your website with a password. The directions below assume that you are familiar with UNIX files and commands; can move comfortably in the UNIX directory tree; and can use a text editor such as Pico.

Warning: This level of password protection doesn't mean that your files cannot be accessed if you're not careful. For example, if you enter the username and password to access a file in the protected directory that you create and then leave the browser up and going, anyone can access another file in the same directory as long as the browser software remains open. Similarly, if a user in a lab accesses the protected directory with username/password, surf other Internet sites, and leave the lab, the next user can obtain access to the protected site by using the "Back" button if the browser software has not been closed and re-launched.

Here's how it will work: To limit access to files on your website, you need to place them in a password-protected directory. The password you will create actually protects the contents of the directory as a whole. Once you have password protected access to your directory, anyone who tries to browse files there will be prompted for a username and password--this username and password is NOT the same as your or any other user's Artsci login and password.

Before beginning: In the instructions below, any information you need to enter will be shown in bold inside the blue terminal box. The instructions will illustrate user tsmith's account, and the example command line shown for each step will look like the command line you will see in your own account. The instructions password protect the directory called private. The username required for access to this directory is student. You should make note of the name of the directory you wish to protect in your own account and decide on a user name to substitute for student below.

Let's get started:

First you will need to create a new directory to contain the protected files. This is the directory that will be password protected.

  1. Using SSH software, connect to artsci.wustl.edu and login to your account. If you do not have SSH, click here to connect in a web browser: http://artsci.wustl.edu/ssh
  2. Change directories to your public_html directory
    tsmith@ascc Students/s/tsmith>cd public_html
  3. Create a new directory named private
    tsmith@ascc Students/s/tsmith/public_html>mkdir private
  4. Change the permissions mode of the private directory to allow world-readable and world-executable access (necessary for access by web browsers.)
    tsmith@ascc Students/s/tsmith/public_html>chmod a+rx private
    Create a password for the private directory.
  5. Make the private directory the current directory.
    tsmith@ascc Students/s/tsmith/public_html>cd private
  6. Create the first of two files required for passworded access. The first file, .htpasswd, provides usernames and passwords. The . is important in the .htaccess filename
  7. Still in the private directory, you need to obtain a path to the location of the password files.
    tsmith@ascc Students/s/tsmith/public_html/private>pwd /home/artsci/students/s/tsmith/public_html/private
  8. Highlight the path that was displayed. Go up to the 'Edit' drop down menu and choose 'copy'. You will need to 'paste' this information in a later step.
  9. Create a username for access to the file. Following the example below, replace the word username with your desired username. When prompted for a password, enter your desired password.
    tsmith@ascc Students/s/tsmith/public_html/private>htpasswd -c .htpasswd username
  10. If you wish to enter additional users, use the command below:
    tsmith@ascc Students/s/tsmith/public_html/private>htpasswd .htpasswd username
  11. Enter a password for each when prompted. NOTE: omit the -c option for additional users.
  12. Set the permissions to the file .htpasswd.
    tsmith@ascc Students/s/tsmith/public_html/private>chmod a+rx .htpasswd
  13. Create the .htaccess file:
  14. Create .htaccess NOTE: the . in the filename .htaccess is important.
    tsmith@ascc Students/s/tsmith/public_html/private>pico .htaccess

    NOTE: you must create the file exactly as shown below including upper and lowercase letters and spaces, substituting your own path obtained in step 2 above. This is where you will need to paste the path that you copied before (go up to 'Edit' drop down menu and choose 'Paste'). Also substitute the username that you created in step 2 to use for student below. If you have additional usernames, add them on additional separate lines.

    NOTE: THE MESSAGE:'This File is protected with a password' MUST BE IN QUOTES !

    AuthUserFile/home/artsci/students/s/tsmith/public_html/private/.htpasswd
    AuthName "This File is protected with a password"
    <Limit GET>
    AuthType Basic
    </Limit>
    require user student

  15. Save and exit from this file by doing the following: … Hit 'control' and the 'x' at the same time. When asked to save the modified buffer, answer yes.
  16. Set the file permissions for .htaccess:
    tsmith@ascc Students/s/tsmith/public_html/private>chmod a+r .htaccess

You are now finished!

Changing the password

Here is how to change the password that you just setup:

  1. Make sure you are in the directory that is Password protected.
  2. Replace username with your username that you created for the directory.
    tsmith@ascc Students/s/tsmith/public_html/private>htpasswd .htpasswd username

You will now be prompted to type in the new password and retype it for confirmation.