Restricting Access to Web Pages
Note: As of April 1st, 2008 personal homepages are no longer supported
Web security starts at the directory level. To secure any page, you must first put it into a discrete subdirectory. Once you've created your subdirectory, you can secure that subdirectory and any pages that reside in that subdirectory by one of three means:
For users on Pobox and Dolphin, we have made available a wrapper script that will help you to password protect your pages for web users. This script will set the password for the username that you choose and create the .htpasswd and .htaccess files in the directory that you specify.
WARNING: This method will only secure your pages from web users. Any user who has a login account on your same server will be able to see the contents of your pages if they know of their existence. If you prefer to make your pages completely secure from all users, you must contact the server administrator by sending mail to email@example.com.
After creating the subdirectory you wish to secure in your html directory, type
/usr/local/bin/htpasswdfrom your UNIX prompt.
A sample .htaccess file that will be created would be
AuthUserFile /usr/users/testuser/html/secure/.htpasswd AuthGroupFile /dev/null AuthName Passworded AuthType Basic require user secure1 secure2
You will need to create a .htaccess in your restricted sub-directory. A sample .htaccess file would be:
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName Domain-restricted AuthType Basic order deny,allow deny from all allow from .upenn.eduThis will allow any host in the .upenn.edu domain to view your pages but anyone else will get a 403 Forbidden error message.
Your will need to create a .htaccess like
deny from all allow from .upenn.edu AuthType Basic AuthUserFile /usr/users/testuser/html/secure/.htpasswd AuthName Special_restriction require user brak moltar satisfy anydolphin services
Information Systems and Computing
University of Pennsylvania
Comments & Questions