Htaccess
From TorontoMathWiki
HTACCESS PROTECTION OF WEB DATA ON COXETER
This help page describes how to restrict access to a web directory either by means of a password or by restricting access to certain machines using htaccess. The directions will lead to the creation of three files (.htaccess, .htgroups and .htusers) in the directory to be protected. The first two of these are created using your editor by adjusting the samples presented below. The .htusers file is created automatically using the htpasswd command below.
Contents |
Creating the .htaccess file
Below is a sample .htaccess file for user "jones" to protect the subdirectory "private"; where access is to be restricted via a password. The .htaccess file would be the file, "/www/jones/private/.htaccess".
#------begin sample .htaccess file-------------------------------------
AuthName "MY SPECIAL FILES"
AuthType Basic
AuthUserFile /www/jones/private/.htusers
AuthGroupFile /www/jones/private/.htgroups
<Limit GET>
require group GROUPNAME
</Limit>
#--------end sample .htaccess file------------------------------------
This sample will need to be adjusted for the directory you wish to protect.
The "AuthName" gives the string that will be used when requesting the password, that is, the user will see (using the above sample file):
Enter username for MY SPECIAL FILES at www.math.toronto.edu:
Creating the .htgroups file
The /www/jones/private/.htgroups file (which is also created with your favourite editor) could contain a single line:
GROUPNAME: user1 user2
Creating the .htusers file
The .htusers file is created by running (on coxeter):
touch /www/jones/private/.htusers
htpasswd -s /www/jones/private/.htusers user1
htpasswd -s /www/jones/private/.htusers user2
Of course if you only need one user/password for access then that will simplify the .htusers file slightly.
Following these instructions, the /www/jones/private/.htusers file would contain the two lines:
user1:{SHA}PaVBVZkYqAjCQCu6UBL2xgsnZhw=
user2:{SHA}kkKdgqQekwSGxt5evalgLVXDmYY=
...with the password information encrypted in the long strings.
With things set up as described about when people try to access http://www.math.toronto.edu/jones/private/ (this URL is not currently valid, it is just an example) they will be prompted for a username and password. Note the trailing "/" in the URL (sometimes called a "web address") on the previous line. If you don't use the trailing "/" and you don't have an index.html file in your protected directory then people trying to visit your page will be asked twice for the username and password.
If you want to allow access only from specific places (for example within our departmental network) then you can create a .htaccess file similar to the following:
#--------------------------------------------
<Limit GET>
order deny,allow
deny from all
allow from .math.toronto.edu
allow from .math.utoronto.ca
</Limit>
<Limit POST>
order deny,allow
deny from all
</Limit>
#--------------------------------------------
Note that htaccess distinguishes between utoronto.ca and toronto.edu and to be on the safe side include both.
DON'T FORGET
Finally, you need to send email to "requests@math.toronto.edu" asking that your .htusers file (please specify the exact location of the file, including the directory you put it in) be properly protected.
Much more
One can use .htaccess to change MIME type of some files. Example:
<FilesMatch "\.djvu$">
ForceType image/x-djvu
</FilesMatch>
Here instead of "\.djvu$" could be any regular expression, and instead of image/x-djvu any MIME type
Another example: you have a php file with graphics output and you want to refer to this file in the remote bulletin board which however would not allow reference to file with extension php. You rename it into foo.jpg and to be processed as php on sever side you put in .htaccess
<FilesMatch "foo\.jpg$">
ForceType application/x-httpd-php
</FilesMatch>
MORE INFORMATION
Type "man htpasswd" on coxeter for more information about the htpasswd command.
See <http://httpd.apache.org/docs/mod/directives.html> for more information on the directives that you can put into an .htaccess file.
