Requiring Userids for Secure Web Access

This is documented in full at http://www.cs.uwaterloo.ca/cscf/student/www#www/features_access_imap.faq.

In short, in order to require WatIAM authentication before allowing access to specific webpage (and serve the page over a secure connection), you must first create a file .htaccess in the same directory as the html file containing the following four lines:

<Files filename>
   require valid-user
   SSLRequireSSL
</Files>
where filename is the name of the webpage you want to password protect. To require WatIAM authentication before allowing access to the files in a specific directory (and all its subdirectories), you must create a file .htaccess in that directory containing the following two lines without being enclosed in $lt;Files> tags:
require valid-user
!SSLRequireSSL

Typically, this kind of protection is placed on a cgi-bin directory (i.e., ~/public_html/cgi-bin) which contains many if not all of the site's CGI programs. The web server will require that all such pages are accessed via the https:// protocol instead of http://, so make sure you set any links on your page accordingly.

*NB*: If anybody knows how to get http:// to forward to https:// automatically on appropriate pages, please document it here.

Please note that while the old Solaris web server required that the line PerlAuthenHandler Apache::AuthenURL be in the .htaccess file, the Linux web server requires you not to have it. The new web server also heavily dislikes lines such as the following which may have been held over:

AuthName "UWDir Authentication"
!AuthType Basic

See also:

Topic revision: r8 - 2010-10-13 - TerryVaskor
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback