Do you want to restrict access to information posted on your personal web pages?
It's easy!* Here's how to do it...
Tutorial on Restricting Access to Web Pages
You can post web pages in your public_html directory that require passwd
authorization for access.
For instance, you can post problem sets and answers which
will be accessible only to members of a particular class.
Or a map to your favorite fishing hole...
Security Level: Mild
This mechanism should prove handy for casual use.
However, it ranks very low on the security scale,
and should not be used for highly confidential material.
Passwords and the "protected" web pages alike are transmitted unencrypted
and can easily be eavesdropped.
Don't use passwords that even resemble passwords to
Furthermore, be aware that anyone logged into a host in the P&A network
can access files in your home directories, including your web directories.
You can generally use chmod to restrict access to directories and files,
but if you restrict access to web pages, the web server will also be blocked.
The up side is that your protected pages are unlikely to appear in a Google
Simple scheme, one user per directory
Although you cannot configure access authorization for individual files,
you can restrict access to entire directories.
You must decide which different people and/or groups
of people will need access to different resources.
Each grouping will need its own restricted-access directory.
For example, you can give all the students in your Tachyon Physics 414 class
a single login name and password which will grant them access to class web
Here we'll set up a a directory for this group,
and a different directory for the students of Cosmography 101.
Finally, a Reference directory will be accessible to both classes.
I. Create directories for each access grouping
$ cd ~/public_html
$ mkdir t414 c101 ref
II. Create the password file
All of the passwords will be kept in a single file.
This file should not be in the public_html hierarchy;
let's create an "auth" directory in your home directory.
utility creates and manages a password file.
You must enter the first user and password when you
-c option to create the file.
Here we're creating a user named tach414:
$ mkdir ~/auth # The tilde (~) stands for your home directory
$ htpasswd -c ~/auth/basic.pw tach414
You will be prompted twice for the password. You will give this log name and
this password to all of the students of Tachyon Physics 414. For the sake
of this test, use "Z38r4" as the passwd.
When you repeat these steps for another class [user],
you'll want to use the same password file.
To enter additional users without erasing the previous users, or to change
a password, leave out
$ htpasswd ~/auth/basic.pw cosmo101
For the sake of this test, use "5pH3r3"" as the passwd.
III. Create a .htaccess file in each controlled directory
With your favorite text editor, create a file named t414/.htaccess containing
the following lines:
AuthName "Access to Tachyon Physics 414"
Require user tach414
Then create the c101/.htaccess and ref/.htaccess similarly,
with the appropriate changes.
To make the Reference directory accessible to the students of all of the
classes, all of the "users" can be listed on the
Require user tach414 cosmo101
...or access can be granted to any validated user:
IV. Create Links
Now all that's left is to put an index.html and/or other web pages and documents
in that directory,
then create the normal hyperlinks to them from an openly accessible page...
|Tachyon Physics 414
Go ahead, try these links!
Remember that in the examples above,
user tach414's password is Z38r4,
and cosmo101's password is 5pH3r3.
After you create pages in your protected directories,
and an unprotected page with links to them,
you should be able to run the same test
accessing your own protected directories.
V. One last item of caution:
Be sure and create an "index.html" file in each directory you create,
or else any user who gains web access to that directory will be able to
read the names of all of the files there. This may not be a problem
for you, but if you "park" files there that you don't [yet] want read
even by the password privileged users, they could be found and read anyway.
If you're feeling ambitious, you can give each student a user name and password.
You can also assign individual users to groups
and authorize access to your directories according to the groups.
Read the Apache Web Server documentation on
Authentication, Authorization and Access Control
for the full story.
This mechanism only works if it's enabled in the web server.
If the page you're configuring isn't at www.physics.sfsu.edu, then
the server may not be configured to support dynamic authorization.
In addition, not all [older] browsers carry support for this feature.