Restrict access to your www pages

From ITSwiki

There are two ways of restricting access to your www pages:

  • user/password requirements
  • limit access to specific hosts

A combination of the above is possible as well.

Password protect your pages

To password protect a directory tree do the following (assuming your login name is nn):

  1. Create the directory that is going to be protected (e.g. /www/home/nn/public_html/secret).
  2. In that directory, create a file named .htaccess (i.e. /www/home/nn/public_html/secret/.htaccess). The content of the file should be something like:
AuthName "Restricted area - Password required"
AuthType Basic
AuthUserFile /www/home/nn/wwwpasswd
require valid-user
  3. Next create the passwords:
    1. Log on to e.g. thinlinc.imm.dtu.dk.
    2. Type:
htpasswd -c /www/home/nn/wwwpasswd birger

This will create your personal password file and add user birger to that file. To add more users, use the htpasswd command again but without the -c option, because -c creates the file anew and overwrites an existing one.

  4. That's it!

NB! For security reasons you should not put your password file under your ~/public_html directory. However, the password file must be world readable (i.e. the user http must be able to read it). Also, the passwords have nothing to do with your unix account password (and should not be the same as it!). Furthermore, it is not possible to publish documents on the WWW server and at the same time prevent other users on the WWW server from accessing them.

To remove a user from the password list, simply edit the password file with a text editor and remove the line with the user of interest.
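
The rules in the NB above (password file outside ~/public_html, world readable, and named exactly as in AuthUserFile) can be checked mechanically. The following shell function is an added example, not part of the original wiki page; the function name audit_htaccess, its return codes and the temporary demo paths are assumptions made for this example, and paths containing spaces are not handled.

```sh
#!/bin/sh
# Added example. Return codes are an assumption of this example:
#   0 ok | 1 no absolute AuthUserFile or bad web root | 2 file missing
#   3 file inside the web tree | 4 not readable by "other"
audit_htaccess() {
    ht_file=$1      # .htaccess to check
    ht_webroot=$2   # e.g. /www/home/nn/public_html

    # Directive names are case-insensitive and the path may be quoted.
    ht_pw=$(awk 'tolower($1) == "authuserfile" {
                     gsub(/"/, "", $2); print $2; exit }' "$ht_file")
    case $ht_pw in
        /*) ;;
        *)  echo "no absolute AuthUserFile in $ht_file"; return 1 ;;
    esac

    # Catches a file name that differs from the one given to htpasswd.
    if [ ! -f "$ht_pw" ]; then
        echo "password file $ht_pw does not exist"; return 2
    fi

    # Resolve symlinks in both directories before comparing them.
    ht_pwdir=$(cd -P "$(dirname "$ht_pw")" && pwd -P)
    ht_rootdir=$(cd -P "$ht_webroot" && pwd -P) || return 1
    case $ht_pwdir/ in
        "$ht_rootdir"/*) echo "$ht_pw is inside the web tree"; return 3 ;;
    esac

    # The web server user needs o+r; -L follows a symlinked file.
    case $(ls -ldL "$ht_pw") in
        ???????r*) ;;
        *) echo "$ht_pw is not world readable"; return 4 ;;
    esac
    echo "ok: $ht_pw"
}

# Constructed demo tree (temporary, not real server paths): the
# .htaccess names wwwpasswd but only wwwpassword was created.
demo=$(mktemp -d)
mkdir -p "$demo/public_html/secret"
printf 'AuthType Basic\nAuthUserFile %s/wwwpasswd\nrequire valid-user\n' \
    "$demo" > "$demo/public_html/secret/.htaccess"
: > "$demo/wwwpassword"
audit_htaccess "$demo/public_html/secret/.htaccess" "$demo/public_html" || true
rm -rf "$demo"
```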

Limit access to specific hosts

To limit access to a directory tree so that only hosts at DTU Compute can access it, create a .htaccess file with content like the example below. At the moment you need to make entries for both 'imm.dtu.dk' and 'compute.dtu.dk'.

AuthName "Only IMM clients"
AuthType Basic
deny from all
allow from imm.dtu.dk
allow from compute.dtu.dk
satisfy any

Note: Many DTU Compute employees/students do not work on a machine that has a DTU Compute address. A more realistic file would be:

AuthName "Only IMM clients"
AuthType Basic
deny from all
allow from it.dtu.dk
allow from imm.dtu.dk
allow from compute.dtu.dk
allow from iae.dtu.dk
allow from ilf.dtu.dk
satisfy any

This will grant access to all DTU Compute machines plus a few others.

Combined example

If you want to allow free access for DTU Compute hosts but require a password from hosts outside DTU Compute, the .htaccess should look like this:

AuthName "IMM no password - Other needs password"
AuthType Basic
deny from all
allow from imm.dtu.dk
allow from compute.dtu.dk
AuthUserFile /www/home/nn/wwwpasswd
require valid-user
satisfy any