How to protect a web page with .htaccess

If you happen to need to protect a web page but not only for LSC usage, you need to perform the following steps:

• Create the directory to protect under your WWW tree, e.g. mkdir -p ~/WWW/PROTECT
• Create a file named .htaccess in it with the following content (exchange your username accordingly)

AuthUserFile /home/carsten/WWW-secrets/PROTECT
AuthGroupFile /dev/null
AuthName "Files under this directory are protected, please enter credentials"
AuthType Basic

SSLRequireSSL


require valid-user

This will ask the web server to look into the file /home/carsten/WWW-secrets/PROTECT (where I chose to place the password for this access). It will display the text after AuthName once you try to access the directory/page. Also, it requires the use of https instead of the non-encrypted http transport.

• now use pwgen 12 1 or similar tools (please don't do this on the web) to generate a nice password
• initially run htpasswd -c /home/carsten/WWW-secrets/PROTECT Atlantis to create the user Atlantis (case sensitive!) - it will ask for a password - enter the one you just generated

That's basically all, if you now surf to https://atlas3.atlas.aei.uni-hannover.de/~carsten/PROTECT/ there should be a password box popping up in which you should enter Atlantis and the password.

To add extra users, re-run the htpasswd command but omit the -c options as this will wipe out all existing users.