Protection based upon IP address or user is only a mild form of security, among other things because the checking via htpasswd in this case is not using any encryption. Highly sensitive information furthermore needs to be secured fully by enryption (only reachable via https://).
Mind that files need to be created via the ISO 8859 or ASCII encoding. If you use notepad, this is standardly so. (name .htaccess and save as type 'all files').
For protection based on IP address, put the .htaccess file in the directory you want to protect.
.htaccess (allowing an IP address)
require ip 157.193.7.1
.htaccess (allowing several IP-addresses)
require ip 157.193.1.1 require ip 157.193.1.2 require ip 157.193.1.3
.htaccess (allowing a full IP-range --- e.g. vpn-range)
require ip 157.193.1 require ip 157.193.7 require ip 157.193.28 require ip 157.193.29 require ip 157.193.32
Put the .htaccess file below in the directory you wish to protect.
AuthUserFile /www/department/username/.htpasswd AuthName "Login_screen_title" AuthType Basic Require valid-user
Students have to replace AuthUserFile /www/department/username/.htpasswd by /users/initial_letter_username/username/.htpasswd
A .htpasswd file is created with the 'htpasswd' command.
e.g.
# htpasswd -c $WWWHOME/.htpasswd username OR # htpasswd -c /users/initial_letter_username/username/WWW/.htpasswd username
The .htpasswd file contains usernames and encrypted passwords.
You can add several users (= several lines). All following users are added without the '-c' option.
e.g.
# htpasswd $WWWHOME/.htpasswd other_username
Example .htpasswd file
username:T5PkcBiivzBuE username:h4tMZLf8bva1I username:z/z5qVcqPNbI.
It is advisable not to put the htpasswd file in the WWW folder, but in the parent directory of the WWW directory (if you put in the WWW tree, you will need extra protection).
If the htpasswd file is put in the WWW (or sub-) folder, add the following to the .htaccess file:
<FilesMatch "^.ht"> require all denied </FilesMatch>
This protects .htaccess and .htpasswd (and any othe file starting with ".ht") in the same directory.
Take care: only the .htpasswd file is encrypted, the sending of username and password is not! Do not use any existing UGent login and password combinations!
To get access to the WWW directory, open a SSH (putty) session.
Students enter the parent directory at login, they don't need the following procedure.
Members of staff have to use the command
cd $WWWHOME
to get to the WWW parent directory.
If you wish to approach this directory with winscp, filezilla or other explorer-like tools, it is best to run this command first in an interactive session:
ln -s $WWWHOME wwwhome
This needs to be executed only once; it will allow you to use the folder name "wwwhome" for this directory.
The parent directory of the WWW in our example is /www/department/username
For shares, the parent directory path is /www/_shares/sharename
The AuthUserFile path in the .htaccess file then is /www/_shares/sharename/.htpasswd