Contributor(s): Than Garson
Note: this procedure may be outdated and this documentation may need to be rewritten.
In certain situations it is necessary to restrict access to a web document, whether it is an HTML document or one for downloading, such as a Zip file or Word document. In these cases, access to the folder where the document resides can be restricted to those with the correct username and password. (Note: This process does not work for XML documents in the present state of affairs because XML documents are not accessed directly. The user calls the XSLT transformation engine, which in turn calls the XML document, and if that XML document is located in a protected folder, the transformation engine will crash.) The present document describes how to create such a password protected folder. All documents in a password protected folder are thus restricted in access to those that have the proper login and password.
To create such a folder, one must have access to the HTML server (in THDL’s case IRIS) via FTP with SecureFx and via a secure shell terminal such as SecureCRT. (If you are a registered UVA user [Student or Staff], these programs are available from UVa's ITC Download site.) Therefore, only the main workers on the THDL staff are able to create such a folder. Those who do have such access should be warned not to create an unnecessary proliferation of password protected folders. They should be kept to a minimum, and their passwords should be registered with the THDL director, who will keep a well documented file of password protected folders and their uses. The instructions here are to document the process for such moderate use. The steps are:
A second username/password combo can be added by typing: htpasswd .htpasswd username (i.e. the same command without the –c) and going through the same password verification process.
The .htaccess file is the Unix file that tells the server that a folder is restricted. It is a simple text file with a simple structure. Only one portion of it needs to change for each password restricted folder. In a text file type the following lines, replacing the “{location of your folder here}” with the actual location of the folder from the root:
AuthUserFile /lv9/tibet/{location of your folder here}/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
<Limit GET>
require valid-user
</Limit>
Save the file as “.htaccess” and using the FTP program post it into the folder that is to be protected. For further information on this topic, see SiteHost International.