Restrict access to your www pages
There are two ways of restricting access to your www pages:
- user/password requirements
- limit access to specific hosts
A combination of the above is possible as well.
Password protect your pages
To password protect a directory tree do the following (assuming your login name is nn):
- Create a directory (e.g.
/www/home/nn/public_html/secret
) which are going to be protected - In that directory put a file named
/www/home/nn/public_html/secret/.htaccess
. The content of the file should be something like:
AuthName "Restricted area - Password required" AuthType Basic AuthUserFile /www/home/nn/wwwpasswd require valid-user
- Next create the passwords:
- Log on to e.g. thinlinc.imm.dtu.dk and type
- Type:
htpasswd -c /www/home/nn/wwwpassword birger
This will create your personal password file and add user birger to that file. To add more users you use the htpasswd command again but without the -c option.
- That's it!
NB! For security reasons you should not put your password file under your ~/public_html directory. Anyhow, the password file must be world readable (i.e. user http must be able to read it). Also, the passwords have nothing to do with your unix account password (and should not have it!). Furthermore, it is not possible to publish documents on the WWW server and preventing other users on the WWW server from accessing it.
To remove a user from the password list, simply edit the password file with a text editor and remove the line with the user of interest.
Limit access to specific hosts
To limit access to a directory tree, so only hosts at DTU Compute can access it create a .htaccess
with a content like below, at the moment you need to make entries for both 'imm.dtu.dk' and 'compute.dtu.dk'.
AuthName "Only IMM clients" AuthType Basic deny from all allow from imm.dtu.dk satisfy any
Note:Many DTU Compute employees/students do not work on a machine that has a DTU Compute address. A more realistic file would be:
AuthName "Only IMM clients" AuthType Basic deny from all allow from it.dtu.dk allow from imm.dtu.dk allow from iae.dtu.dk allow from ilf.dtu.dk satisfy any
This will grant access to all DTU Compute machines plus a few others.
Combined example
If you want to allow free access for DTU Compute hosts require a password from hosts outside DTU Compute, the .htaccess
should look like this:
AuthName "IMM no password - Other needs password" AuthType Basic deny from all allow from imm.dtu.dk AuthUserFile /www/home/nn/wwwpasswd require valid-user satisfy any