The Apache web server that we have as a standard here at UMBC on Unix allows for controlling access to a directory and it's subdirectories through a .htaccess file in that directory. You just need to create the proper file and an associated password file.
You'll want to create a file called .htaccess in the particular directory you want to be restricted. Also note that all subdirectories will be included in the restriction. The file should look similar to the following:
AuthName "Description of the login" AuthType Basic AuthUserFile /path/to/your/password/file/mentioned/below require valid-user
The AuthName is just what is displayed to the User when the username and password box pops up. The AuthType must be "Basic", this is the type that checks the password file. The AuthUserFile will be described in the next section. And the require has the options of "valid-user", "user username", or "group groupname".
In order to have a directory password protected, you must create a set of usernames and passwords that are allowed. Sometimes this is as simple as just creating one and everyone using it, or creating one for each person. To create the users, you first need to pick a file location, and then you need to find out where the program "htpasswd" is located on your system. We don't have a linux binary for this, although you could probably get one. If you are logged into an Irix machine, you can use the binary "/afs/umbc.edu/admin/www/gl/bin_irix65/htpasswd". If you just run it, it will give the syntax that it requires. Here is a basic example of creating a password file for a GL home page:
irix1[3]% cd ../pub/ irix1[4]% pwd /afs/umbc.edu/users/t/i/tim/pub irix1[5]% /afs/umbc.edu/admin/www/gl/bin_irix65/htpasswd Usage: htpasswd [-c] passwordfile username The -c flag creates a new file. irix1[6]% /afs/umbc.edu/admin/www/gl/bin_irix65/htpasswd -c /afs /umbc.edu/users/t/i/tim/pub/.wwwusers guest Adding password for guest. New password: Re-type new password: irix1[7]% ls -al .wwwusers -rw-r--r-- 1 tim research 20 Jan 9 16:55 .wwwusers
Just run the same command for each user, leaving off the "-c" after the first execution. This will create the password file it will use for authenticating. Also put the filename that you specified for the password in the "AuthUserFile" option in your .htaccess file. Do note that you should not put your password file under your www directory because that would mean that anyone could bring it up on the web if they knew the filename.
For more in depth information on the restrictions available, please see the apache web site for mod_auth at http://httpd.apache.org/docs/mod/mod_auth.html.
If you have any questions or problems with this, please email systems@umbc.edu with as much information as you can that will help us help you.
[an error occurred while processing this directive]