The Ohio State University

Department of Statistics

Password and Host Protecting Web Pages

Both password protection and host-based access control can be set up with a .htaccess file. A .htaccess file placed in the directory you wish to protect covers that directory and all directories below it.

To restrict based on hostname use a .htaccess file like so:

  AuthUserFile /dev/null
  AuthGroupFile /dev/null
  AuthName AllowFromOSU
  AuthType Basic
  order deny,allow
  deny from all
  allow from ohio-state.edu

You can change the ohio-state.edu to whichever site you wish to give access to.


Restricting by username and password is more difficult. First, it is highly recommended to access the page through SSL; that is, make your link to this page with https:, not http:. (Note: if you use SSL, all references to files in the protected directory will also have to be https:.) The .htaccess file will look like this:

  AuthUserFile /home/yourusername/.htpasswd
  AuthGroupFile /dev/null
  AuthName putmeaningfulnamehere
  AuthType Basic
  SSLRequireSSL
  Require user nameofuserhere

Obviously, you probably want to call the authorization something other than putmeaningfulnamehere. The AuthName is really just for your reference; it will be displayed in the title of the box that prompts a user for a password. It cannot contain spaces.

For the user name you can pick something other than "nameofuserhere". If you were using this account for a class, it might be useful to put the class name here. However, on Unix, usernames must be eight characters or less, must start with a letter, and must contain only letters and numbers. They are case sensitive. The username goes on the Require user line, and is the first part of what people will type to get into the pages.

You can have separate usernames for each person who needs access to the page, or you can use just one username/password pair for a class. It really depends on whether different people will be granted access at different times.

The AuthUserFile line should generally point to a file in your home directory; the file should not be in the WWW hierarchy, lest someone be able to download it and run a cracker on it. This file will look like:

  stat101:frefV0mParX16

In this case, stat101 is the username and frefV0mParX16 is the encrypted password. To create the encrypted password, use the following command:

  /usr/local/sbin/crpw salt password

In the above example, "password" should be replaced with the password you wish to use, and salt can be any two characters. The salt is a two-character encryption seed, and passwords follow the same rules as usernames. Note: all these files must be world readable for the web server to see them, so run chmod 644 .htaccess, etc.

A quick example: making a password protected directory called "test" with a username: stats and a password: StatS!

1) mkdir test
2) chmod 755 test
3) cd test
4) vi index.html ... create your index file
5) chmod 644 index.html
6) vi .htaccess

  AuthUserFile /home/yourusername/.htpasswd
  AuthGroupFile /dev/null
  AuthName Statistics
  AuthType Basic
  SSLRequireSSL
  Require user stats

7) chmod 644 .htaccess
8) /usr/local/sbin/crpw ab StatS!
9) vi .htpasswd (.htpasswd is in the top level of your home directory, not in the WWW folder)

   stats:abyvFsHOAVDfU

10) chmod 644 .htpasswd
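
A checker for the .htaccess/.htpasswd pair built in the steps above, as an added example that is not part of the original page: it flags Basic authentication without SSLRequireSSL, an AuthUserFile inside the web hierarchy, names that break the username rules given earlier, and a Require user name with no matching entry. It also goes one step beyond the page by noting that traditional DES crypt entries use only the first 8 characters of the password. The function names and the web-root path /home/yourusername/WWW are assumptions.

```python
import re

# Username rule as stated on this page: starts with a letter, letters and
# digits only, at most eight characters.
USERNAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]{0,7}\Z")
# Traditional crypt(3) DES entry: 2-character salt plus 11 hash characters.
DES_CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}\Z")


def parse_htaccess(text):
    """Map each directive name (lower-cased) to its argument string."""
    directives = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            directives[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return directives


def audit(htaccess_text, htpasswd_text, web_root):
    """Return a list of findings for one .htaccess/.htpasswd pair."""
    findings, users = [], {}
    d = parse_htaccess(htaccess_text)
    if d.get("authtype", "").lower() == "basic" and "sslrequiressl" not in d:
        findings.append("Basic auth without SSLRequireSSL: password sent unencrypted")
    user_file = d.get("authuserfile", "")
    if user_file.startswith(web_root.rstrip("/") + "/"):
        findings.append("AuthUserFile %s is inside the web hierarchy" % user_file)
    for entry in htpasswd_text.split():
        user, _, pw_hash = entry.partition(":")
        users[user] = pw_hash
        if not USERNAME_RE.match(user):
            findings.append("user %s: name breaks the username rules" % user)
        if DES_CRYPT_RE.match(pw_hash):
            findings.append("user %s: DES crypt hash with salt %r; only the first "
                            "8 password characters are used" % (user, pw_hash[:2]))
    required = d.get("require", "").split()
    if required[:1] == ["user"]:
        for name in required[1:]:
            if name not in users:
                findings.append("Require user %s: not in AuthUserFile" % name)
    return findings


# Constructed input: the page's "test" walk-through with SSLRequireSSL left out.
SAMPLE_HTACCESS = ("AuthUserFile /home/yourusername/.htpasswd\nAuthName Statistics\n"
                   "AuthType Basic\nRequire user stats\n")
if __name__ == "__main__":
    for finding in audit(SAMPLE_HTACCESS, "stats:abyvFsHOAVDfU\n", "/home/yourusername/WWW"):
        print(finding)
```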


