In this article we explain how you can use Apache authentication to restrict access to your website or parts of your website.
The server software is configured to let you use Apache authentication. You have to create the files .htaccess and .htpasswd. These files are protected by the server software, so you cannot download or view them with your web browser.
All you need is a text editor to create two text files, a web browser to generate passwords for the users who should be able to access the restricted pages, and an FTP client to transfer the files to the server.
Important Hint for Windows Users
While saving the files, make sure that the file name is not extended with 'txt', 'doc' or similar. The 'Save File as...' dialog in Notepad, for example, automatically appends '.txt' to your file name. After you have clicked on 'Save File as...', click on the drop-down list for 'Save as type:' and select 'All Files'. Now you can save the file. You cannot change the name of files beginning with '.' in Windows Explorer. If you created the files with an extension, transfer them to the server with your FTP client and use the rename function of your FTP client to change the name.
Step by Step
1. Step - Which users should have access to your restricted pages?
Compile a list of users who should have access to your restricted pages. Start your web browser and open the page https://ircitweb.irc-it.jacobs-university.de/genpasswd.php. Here you can enter the username and a password. Click on 'generate' to generate the entry needed for your .htpasswd file.
Copy the generated line into your text editor. Repeat that for every additional user. Make sure there is only one user per line in your text file.
Save the file as .htpasswd. Your .htpasswd should look like this:
2. Step - the .htaccess
The second step is to create the .htaccess file. With this file you configure the authentication. You need the following entries:
- AuthName: This name is often shown by the client as the name of the login dialog.
- AuthType: Type of authentication. Choose Basic.
- AuthUserFile: Full path to your .htpasswd file. This could be
- Require user: All users who should have access need to be here.
Here is a simple example of the .htaccess file:
AuthName "Restricted Area - Please login"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require user makaiser tschmidt
You can copy this example into your text editor, make all necessary changes and save the file as .htaccess.
3. Step - Transfer files to www.faculty.jacobs-university.de
Now you can transfer the files to the server. Open your FTP client and connect to www.faculty.jacobs-university.de. Transfer the .htpasswd file to the location you specified in the .htaccess file, and the .htaccess file into the folder that should have restricted access.
4. Step - Test the authorization
Test whether authorization works. Start your web browser and open your restricted website. You should get a login dialog. Enter a username with the corresponding password and log in. If you can see your website, authorization seems to be okay. Congratulations on your first Apache-authenticated website! If not, you should get a message with Error 500. Please check your .htaccess file for errors and also that the .htpasswd file is in the right place.
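A consistency check for the two files before you upload them, as an added example that is not part of the original article or of Apache: it verifies the four entries from step 2, one user:hash entry per line in .htpasswd, and that every user named in Require user has an .htpasswd entry. The function names, the placeholder path and the sample hash are assumptions made for this example.

```python
import shlex

REQUIRED = ("authname", "authtype", "authuserfile", "require")

def parse_htaccess(text):
    """Return {directive (lowercased): [arguments]} for an .htaccess file."""
    directives = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)  # honours the quotes around AuthName
            directives[name.lower()] = args
    return directives

def parse_htpasswd(text):
    """Return ({user: hash}, problems); every line must be one user:hash entry."""
    users, problems = {}, []
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        user, sep, pw_hash = line.partition(":")
        if not line:
            continue
        if not (sep and user and pw_hash) or " " in line:
            problems.append(f".htpasswd line {n}: expected one 'user:hash' entry")
        elif user in users:
            problems.append(f".htpasswd line {n}: duplicate user '{user}'")
        else:
            users[user] = pw_hash
    return users, problems

def check(htaccess_text, htpasswd_text):
    """Cross-check both files; an empty list means they are consistent."""
    d = parse_htaccess(htaccess_text)
    users, problems = parse_htpasswd(htpasswd_text)
    problems += [f".htaccess: missing {name}" for name in REQUIRED if name not in d]
    if d.get("authtype") and d["authtype"][0].lower() != "basic":
        problems.append(".htaccess: AuthType is not Basic")
    if d.get("authuserfile") and not d["authuserfile"][0].startswith("/"):
        problems.append(".htaccess: AuthUserFile is not a full path")
    req = d.get("require", [])
    if req and req[0].lower() == "user":
        problems += [f"Require user '{u}' missing from .htpasswd" for u in req[1:] if u not in users]
    return problems

# Constructed sample input: placeholder path and placeholder hash, not real values.
HTACCESS = '''AuthName "Restricted Area - Please login"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require user makaiser tschmidt
'''
HTPASSWD = "makaiser:$apr1$constructed$placeholderhash\n"
```

Call `check()` with the contents of your local copies of both files; for the sample input it reports that tschmidt has no .htpasswd entry.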
Multiple .htaccess files
You can create different .htaccess files for different directories, but you need only one .htpasswd file. Every .htaccess file can point to the same .htpasswd file. If you want to add users to your .htpasswd file, copy the file from the server to your computer, or use a local copy of that file, and edit it. If you create a new one, you might overwrite your old file and all old entries will be lost.
If you want to know more about Apache, you can use the Apache documentation at http://www.apache.org. More information about Apache authentication can be found at http://httpd.apache.org/docs/2.2/en/howto/auth.html.