Internet and WWW Guides
Protected Web Pages
There are several ways of restricting access to personal web pages on the Computer Science departmental web service
Internal Web Server
The simplest way to restrict access to web pages is to create a folder local_html
in your home directory (H: drive) and place the web pages there.
This works in exactly the same way as the public_html
folder, but the pages are visible under
https://www2.csc.liv.ac.uk/~{username}/
rather than
http://cgi.csc.liv.ac.uk/~{username}/
The www2
server is freely accessible to all machines on the local CS departmental network, but any access from outside the department will prompt for a (CS) username and password. This effectively restricts access to students and staff (and legitimate visitors/collaborators) of the Computer Science department.
Restrict to Valid Users
Pages located within the public_html
folder hierarchy (i.e. on the server cgi.csc.liv.ac.uk
can be restricted to valid CS users in a similar manner, by creating a file .htaccess
within the directory to be protected. This should contain the following settings:
AuthPAM_Enabled on
AuthPAM_FallThrough off
AuthBasicAuthoritative off
AuthName "Computer Science Internal"
AuthType Basic
require valid-user
Order allow,deny
Allow from all
and then be made globally readable ("chmod a+r .htaccess
").
Again, this will prompt for a (CS) username and password before delivering any pages in that folder.
Note that any links to these files should use secure https
URLs, to avoid departmental usernames and passwords being transmitted over the Internet unencrypted.
Explicit Password Protection
You can also protect a (directory of) web pages by requiring an arbitrary username and password to be supplied before the pages are delivered.
This is similar to the approach above, but the .htaccess
file should contain the following instead:
AuthName "My Restricted Pages" AuthType Basic AuthUserFile $HOME/.htpasswd require valid-user Order allow,deny Allow from all
(replacing $HOME
with the name of your home directory - use the Linux command "echo $HOME
" to determine this).
It is then necessary to construct the file $HOME/.htpasswd
. This can be done by running the Linux command
htpasswd -c $HOME/.htpasswd {user}
(where {user} is the name that people should use), and supplying the password (twice) when prompted to do so.
If you wish to support more than one username/password combination, then use the commands:
htpasswd -c $HOME/.htpasswd {user1}
htpasswd $HOME/.htpasswd {user2}
htpasswd $HOME/.htpasswd {user3}
etc
Note that the .htpasswd
can be located anywhere within your personal filestore (and the file can have any convenient name)
but it should NOT be stored anywhere within the public_html
tree.
Maintained by webmaster@csc.liv.ac.uk