This is documented in full at http://www.cs.uwaterloo.ca/cscf/student/www#www/features_access_imap.faq.
In short, in order to require WatIAM authentication before allowing access to specific webpage (and serve the page over a secure connection), you must first create a file .htaccess
in the same directory as the html file containing the following four lines:
<Files filename> require valid-user SSLRequireSSL </Files>where filename is the name of the webpage you want to password protect. To require WatIAM authentication before allowing access to the files in a specific directory (and all its subdirectories), you must create a file
.htaccess
in that directory containing the following two lines without being enclosed in $lt;Files> tags:
require valid-user !SSLRequireSSL
Typically, this kind of protection is placed on a cgi-bin
directory (i.e., ~/public_html/cgi-bin
) which contains many if not all of the site's CGI programs.
The web server will require that all such pages are accessed via the https://
protocol instead of http://
, so make sure you set any links on your page accordingly.
http://
to forward to https://
automatically on appropriate pages, please document it here.
Please note that while the old Solaris web server required that the line PerlAuthenHandler Apache::AuthenURL
be in the .htaccess
file, the Linux web server requires you not to have it.
The new web server also heavily dislikes lines such as the following which may have been held over:
AuthName "UWDir Authentication" !AuthType Basic
See also: