OHSU

Restricting Access to an O-Zone Directory

There are situations in which you may want to restrict access to your department's Web pages. The best way to do this is by username and password. The method for doing this is through htaccess and is outlined below. Please note that this only applies to directories and not to individual Web pages. Also, all contents of the password protected directory, including subdirectories, are password protected.

You will need the following basic skills:

  • Ability to FTP and log in to nfslcustadm
  • Ability to use a text editor (such as Notepad)
  • Knowledge of the server path to the directory you want to restrict

To restrict a directory by username and password

  1. Create a new directory or know the existing directory you want to password protect
  2. Call the "ezpass.cgi" program from your browser:
    http://ozone.ohsu.edu/cgi-bin/ezp/ezpass.cgi
  3. Enter the name of the protected area (ex: Webadmin's Private Files), the path to your private directory, and the username and password you want for the directory. If the directory is not at the htdocs level of your server, include the additional file names in the path. For example, if the full path to the directory is at /wtc02/web/ozone/webadmin/secret/files/, you would write:
    webadmin/secret/files/
    There is no slash in front of the first directory name, and there is a slash at the end of your password protected directory
  4. Then submit via the "Generate Files" button.
  5. Copy the ".htaccess" text and paste into a text editor such as Notepad. Save the new file as .htaccess (don't leave out the period - dot in front of htaccess). Be sure you select File Type All, not File Type txt, to avoid having the file extension of .txt.
  6. Next, copy the ".htpasswd" text and paste into a text editor. Save the this text file as ".htpasswd" (again, the period is required - dot in front of htpasswd).
  7. FTP the ".htaccess" and the ".htpasswd" file to the directory you wish to restrict.
  8. Change the permissions on .htaccess and .htpasswd to 644. If you don't know how to do this, try one of these basic Unix tutorials.
    http://www.dorsai.org/help/unix/UNIXhelp/tasks/permissions_num.html
    http://wdvl.com/Internet/UNIX/Intro/toc.html
    Look for: The "chmod" Utility link.
  9. Your UNIX server knows how and when to use the files when they exist.

    You can use this utility to add other users. Just append the resulting "password" text to the ".htpasswd" file in the "secret" directory, so that each user resides on a new line in the file:

    user:smP7k4KHoZphU
    other_user:ixwxRTPp5XhTs