Requiring Userids for Secure Web Access

This is documented in full at http://www.math.uwaterloo.ca/mfcf/faq/www_author.html#www/features_access_imap.faq.

In short, in order to require WatIAM authentication before allowing access to specific webpage (and serve the page over a secure connection), you must first create a file .htaccess in the same directory as the html file containing the following four lines:

<Files filename>
require valid-user
!SSLRequireSSL
</Files>

where filename is the name of the webpage you want to password protect. In order to require WatIAM authentication before allowing access to the files in a specific directory (and all its subdirectories), you must create a file .htacces in that directory containing the following two lines:

require valid-user
!SSLRequireSSL

Please note that while the old Solaris web server required that the line PerlAuthenHandler Apache::AuthenURL be in the .htaccess file, the Linux web server requires you not to have it.

The web server will require that all such pages are accessed via the https:// protocol instead of http://, so make sure you set any links on your page accordingly.

NB: If anybody knows how to get http:// to forward to https:// automatically on appropriate pages, please document it here.

See also:

• HtaccessForPHP if you are planning on implementing any pages in PHP.
• RestrictingWebAccessToCourse to restrict access to particular pages to certain userids.