RequireUseridsForSecureWebAccess < ISG

ISG Web>CourseAccounts>CourseWebpage>AllAboutHtaccess>RequireUseridsForSecureWebAccess (2010-10-13, TerryVaskor) (raw view)

EditAttach

---+ Requiring Userids for Secure Web Access

This is documented in full at http://www.cs.uwaterloo.ca/cscf/student/www#www/features_access_imap.faq.

In short, in order to require !WatIAM authentication before allowing access to specific webpage (and serve the page over a secure connection), you must first create a file =.htaccess= in the same directory as the html file containing the following four lines:
<pre>&lt;Files filename>
   require valid-user
   SSLRequireSSL
&lt;/Files></pre>
where filename is the name of the webpage you want to password protect.
To require !WatIAM authentication before allowing access to the files in a specific directory (and all its subdirectories), you must create a file =.htaccess= in that directory containing the following two lines without being enclosed in $lt;Files&gt; tags:
<pre>require valid-user
!SSLRequireSSL</pre>

Typically, this kind of protection is placed on a =cgi-bin= directory (i.e., =~/public_html/cgi-bin=) which contains many if not all of the site's CGI programs.
The web server will require that all such pages are accessed via the =https://= protocol instead of =http://=, so make sure you set any links on your page accordingly.

<div style="border: medium groove black">*NB*: If anybody knows how to get =http://= to forward to =https://= automatically on appropriate pages, please document it here.</div>

Please note that while the old Solaris web server *required* that the line =PerlAuthenHandler Apache::AuthenURL= be in the =.htaccess= file, the Linux web server requires you *not* to have it.
The new web server also heavily dislikes lines such as the following which may have been held over:
<pre>AuthName "UWDir Authentication"
!AuthType Basic</pre>


See also:
   * HtaccessForPHP if you are planning on implementing any pages in PHP.
   * RestrictingWebAccessToCourse to restrict access to particular pages to certain userids.

Topic revision: r8 - 2010-10-13 - TerryVaskor

ISG Web

ISG Web Home
- Changes
- Index
- Search

Webs
- AIMAS
- CERAS
- CF
- CrySP
- External
- Faqtest
- HCI
- Himrod
- ISG
- Main
- Multicore
- Sandbox
- TWiki
- TestNewSandbox
- TestWebS
- UW

My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images

Edit

Instructional Support Group, David R. Cheriton School of Computer Science, University of Waterloo