Password lock a web page
From CVL Wiki
(→Option 1: htpasswd) |
|||
(8 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
− | + | To add password protection to your website hosted on the ECE webserver, you can create a HyperText Access file ('''.htaccess''') in the directory that you want to password protect. This file will password protect all of the files (web pages) in that directory and all files in any subdirectories. | |
− | This file | + | *'''Please note that the file must start with a period "."''' |
− | = | + | More information about .htaccess files here: https://httpd.apache.org/docs/2.4/howto/htaccess.html |
− | + | ||
− | + | There are two methods of password authentication that can be employed to protect your webpage. | |
+ | |||
+ | ==Option 1: htpasswd== | ||
+ | This is a flat file that sits in your home directory and contains a list of usernames and password hashes. You can use the [https://httpd.apache.org/docs/2.2/programs/htpasswd.html htpasswd] command to add users to the file. This option has the benefit of not being tied to any particular user account (local or ldap). You can even create a single user/pass and share it with anyone. | ||
+ | *We strongly recommend NOT putting the htpasswd file under the public_html folder, but instead in your home directory root. This prevents accidental access to the file via the website | ||
+ | |||
+ | Here is the format of the .htaccess file for this option | ||
+ | |||
+ | AuthType Basic | ||
+ | AuthName "Password Required" | ||
+ | AuthUserFile /home/<ECEUSER>/password.file | ||
+ | require valid-user | ||
+ | |||
+ | ==Option 2: VT PID== | ||
+ | This option uses Virginia Tech's PID and password authentication. You can allow all valid PID's, or provide a list of specific usernames. | ||
+ | |||
+ | Here is the format of the .htaccess file for this option (all valid PID's) | ||
+ | |||
+ | AuthType Basic | ||
+ | AuthBasicProvider ldap | ||
+ | AuthzLDAPAuthoritative Off | ||
+ | AuthName "Virginia Tech ED-Auth (PID/pass)" | ||
+ | AuthLDAPURL ldaps://authn.directory.vt.edu:636/ou=People,dc=vt,dc=edu?uupid | ||
+ | require valid-user | ||
+ | |||
+ | To allow only specific users, change the '''require valid-user''' line to a space delimited list | ||
+ | require user pid1 pid2 pid3 | ||
+ | |||
+ | ==Option 3: ECE Accounts== | ||
+ | *'''This option is untested!''' | ||
+ | |||
+ | This follows the same basic structure for Option 2, but uses the ECE ldap instead of the VT ldap | ||
+ | |||
+ | AuthType Basic | ||
+ | AuthBasicProvider ldap | ||
+ | AuthzLDAPAuthoritative Off | ||
+ | AuthName "ECE Account Credentials" | ||
+ | AuthLDAPURL ldap://auth.ece.vt.edu:/ou=people,dc=ece,dc=vt,dc=edu?uid | ||
+ | require valid-user |
Latest revision as of 08:22, 19 September 2014
To add password protection to your website hosted on the ECE webserver, you can create a HyperText Access file (.htaccess) in the directory that you want to password protect. This file will password protect all of the files (web pages) in that directory and all files in any subdirectories.
- Please note that the file must start with a period "."
More information about .htaccess files here: https://httpd.apache.org/docs/2.4/howto/htaccess.html
There are two methods of password authentication that can be employed to protect your webpage.
[edit] Option 1: htpasswd
This is a flat file that sits in your home directory and contains a list of usernames and password hashes. You can use the htpasswd command to add users to the file. This option has the benefit of not being tied to any particular user account (local or ldap). You can even create a single user/pass and share it with anyone.
- We strongly recommend NOT putting the htpasswd file under the public_html folder, but instead in your home directory root. This prevents accidental access to the file via the website
Here is the format of the .htaccess file for this option
AuthType Basic AuthName "Password Required" AuthUserFile /home/<ECEUSER>/password.file require valid-user
[edit] Option 2: VT PID
This option uses Virginia Tech's PID and password authentication. You can allow all valid PID's, or provide a list of specific usernames.
Here is the format of the .htaccess file for this option (all valid PID's)
AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative Off AuthName "Virginia Tech ED-Auth (PID/pass)" AuthLDAPURL ldaps://authn.directory.vt.edu:636/ou=People,dc=vt,dc=edu?uupid require valid-user
To allow only specific users, change the require valid-user line to a space delimited list
require user pid1 pid2 pid3
[edit] Option 3: ECE Accounts
- This option is untested!
This follows the same basic structure for Option 2, but uses the ECE ldap instead of the VT ldap
AuthType Basic AuthBasicProvider ldap AuthzLDAPAuthoritative Off AuthName "ECE Account Credentials" AuthLDAPURL ldap://auth.ece.vt.edu:/ou=people,dc=ece,dc=vt,dc=edu?uid require valid-user