When to use

Follow these steps when you want a file to be viewed only by specific individuals worldwide. Since they are not members of the BU community, they do not have BU login names and Kerberos passwords. To restrict access in this way, you will have to create usernames and passwords for each user and distribute those usernames and passwords to each individual.


AuthType Basic
AuthUserFile /full-path-to/.htpasswd
AuthName "Description for Login Box"
require valid-user


1. Create a subdirectory within your web publishing directory for the documents you want to restrict.

You must do this because you cannot mix restricted documents with unrestricted documents in the same directory. Also, if you want one set of restrictions on some documents and another set of restrictions on other documents, you must create separate subdirectories. Note: If the documents you want to restrict are already segregated into separate subdirectories, you can skip this step.

NOTE: If you are unfamiliar with UNIX file permissions, it is best to use an FTP program for this step.

2. Create an .htaccess file.

With a text editor such as NotePad or SimpleText on your computer, create a new file. Do not use Microsoft Word format (the .doc extension) to create this file. If you use a word processor, such as Word, to create this file, you must save it as Text or Text-only format. If you do not, the file will not operate correctly. Copy the code example above and paste it into the file.

The .htaccess file contains the information about who is allowed into the directory. The access controls specified in a .htaccess file apply to all documents within that directory as well as documents in any subdirectories.

3. Modify the .htaccess file.

Edit the code in your .htaccess file to indicate the location on the server of your restricted directory as well as the description for the login box that users will see when entering their login and password information.

Replace "full-path-to" with the full directory path to your restricted directory:

For publishers on www.bu.edu:

The full path begins with:
and is followed by your specific directory location using this scheme:
For example, a restricted directory named seminar within the History department website would use this code:

For publishers on people.bu.edu:

The full path begins with:
and is followed by your specific directory location using this scheme:

For example, a restricted directory named kids within the people.bu.edu website of a user named jones would use this code:

Replace “Description for Login Box” with the text you want displayed in the window that pops up when the user is asked to log in. Your title should be surrounded by quotation marks.

For example, if you want the pop-up login window to display the message “Restricted to friends of Nancy Jones. Login required.” you would use this code:
AuthName "Restricted to friends of Nancy Jones. Login required."

4. Save the .htaccess file.

After editing your code in a text editor, save the file using this filename:

.htaccess

The name must begin with a . (period) and it must be in all lowercase letters. If you use a word processor such as Word to create this file, you must save it as Text or Text-only. If you do not, the file will not operate correctly.

5. Upload the .htaccess file into your restricted directory.

Using an FTP program, upload the .htaccess file into the directory where you are storing your restricted files.

Once uploaded, you should check the file on the server and make sure the filename is .htaccess — many text editors will automatically append the .txt file extension to the end of the filename. If your text editor has done this, rename the file simply to .htaccess.

6. Create the .htpasswd file.

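This file will contain the login information for your users, and can be created using any Mac or Unix machine. On a Mac, this can be done in Terminal using the following command, where the -c option creates the .htpasswd file (replacing any existing file of that name) and the -b option takes the password from the command line: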

htpasswd -c -b .htpasswd username password

Once you have the .htpasswd file, upload that to the server using FTP, as was done with the .htaccess file.

7. Distribute the usernames and passwords to your users.

Also send them the URL to your protected documents.


  1. Since the passwords are encrypted, you cannot retrieve them if users forget them. So keep a copy of usernames and passwords for yourself. If a user forgets a password, and you don’t know it either, you will have to run the htpasswd program again to create a new password for that user.
  2. To add an additional user later, just run the htpasswd program again to create a new username and password for that person. Leave out the -c option when you do this, because -c replaces the existing .htpasswd file and the users already in it.
  3. To remove a user from the list of people authorized to view your files, just delete that user from the .htpasswd file. Download the .htpasswd file to your computer using an FTP program, edit the file with NotePad or SimpleText, then upload the file back into your protected directory.
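
As an added example (not part of the original page or any BU tooling), this Python script checks the contents of an .htaccess and an .htpasswd file for the mistakes the steps above warn about, such as a leftover full-path-to placeholder or curly quotes from a word processor, and flags password entries stored in weak formats. The function names and the sample data are assumptions made for illustration.

```python
import re

REQUIRED = ("authtype", "authuserfile", "authname", "require")
PREFIXES = (("$2y$", "bcrypt"), ("$apr1$", "apr1-md5"), ("{SHA}", "sha1"))

def check_htaccess(text):
    """Return problems found in the contents of an .htaccess file."""
    seen = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            seen[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    problems = [f"missing directive: {d}" for d in REQUIRED if d not in seen]
    path = seen.get("authuserfile", "/").strip('"')
    if not path.startswith("/") or "full-path-to" in path:
        problems.append("AuthUserFile is not a real full path")
    if "authname" in seen and not re.fullmatch(r'"[^"]+"', seen["authname"]):
        problems.append("AuthName is not in straight double quotes")
    return problems

def classify_hash(value):
    """Name the scheme of a hash field; {SHA} is unsalted SHA-1, 13 chars is crypt()."""
    for prefix, scheme in PREFIXES:
        if value.startswith(prefix):
            return scheme
    is_crypt = re.fullmatch(r"[./0-9A-Za-z]{13}", value)
    return "crypt" if is_crypt else "unrecognized"  # unrecognized may be plain text

def check_htpasswd(text):
    """Return problems found in the contents of an .htpasswd file."""
    users, problems = set(), []
    for n, line in enumerate(text.splitlines(), 1):
        user, sep, value = line.strip().partition(":")
        if not (user and sep and value):
            if line.strip():
                problems.append(f"line {n}: not in username:hash form")
            continue
        if user in users:
            problems.append(f"line {n}: duplicate user {user}")
        users.add(user)
        if (scheme := classify_hash(value)) not in ("bcrypt", "apr1-md5"):
            problems.append(f"line {n}: {user} has a {scheme} entry")
    return problems

# Constructed sample input; the hash values are made up, not real credentials.
SAMPLE_HTACCESS = 'AuthType Basic\nAuthUserFile /full-path-to/.htpasswd\nAuthName “Kids”\n'
SAMPLE_HTPASSWD = "jones:$apr1$Constrct$edExampleValue0000000\nsmith:{SHA}ConstructedValue=\n"
if __name__ == "__main__":
    print(check_htaccess(SAMPLE_HTACCESS) + check_htpasswd(SAMPLE_HTPASSWD))
```

Run it on copies of the two files before uploading them; an empty list from both functions means none of these checks fired.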