Requiring Userids for Secure Web Access

This is documented in full at http://www.cs.uwaterloo.ca/cscf/student/www#www/features_access_imap.faq.

In short, in order to require WatIAM authentication before allowing access to specific webpage (and serve the page over a secure connection), you must first create a file .htaccess in the same directory as the html file containing the following four lines:

<Files filename>
   require valid-user
   SSLRequireSSL
</Files>

where filename is the name of the webpage you want to password protect. To require WatIAM authentication before allowing access to the files in a specific directory (and all its subdirectories), you must create a file .htaccess in that directory containing the following two lines without being enclosed in $lt;Files> tags:

require valid-user
!SSLRequireSSL

Typically, this kind of protection is placed on a cgi-bin directory (i.e., ~/public_html/cgi-bin) which contains many if not all of the site's CGI programs. The web server will require that all such pages are accessed via the https:// protocol instead of http://, so make sure you set any links on your page accordingly.

Please note that while the old Solaris web server required that the line PerlAuthenHandler Apache::AuthenURL be in the .htaccess file, the Linux web server requires you not to have it. The new web server also heavily dislikes lines such as the following which may have been held over:

AuthName "UWDir Authentication"
!AuthType Basic

See also:

• HtaccessForPHP if you are planning on implementing any pages in PHP.
• RestrictingWebAccessToCourse to restrict access to particular pages to certain userids.