FSU Biology - Making a password protected web page on www.bio.fsu.edu

Department of Biological Science

at Florida State University

Making a password protected web page on www.bio.fsu.edu

These directions assume you all ready have setup a regular web page on www.bio.fsu.edu.  For directions on doing that please see How to build and upload a webpage on www.bio.fsu.edu.

Folder and directory mean the same thing.

For purposes of directions the name of the protected folder will be : "secure_folder".  You can name it anything you wish.  Just substitute your name for "secure_folder" in the directions below.

For purposes of directions the name of the password list will be: "password_list".  You can name it anything you wish.  Just substitute your name for "password_list" in the directions below.

Terms inside of <>'s should be substituted with actual values (don't type the <>'s).

<authorized_user_name> = name you want the user to use to get into your web page

<authorized_user_password> = password you want the authorized user to use to get to your web page

<your_userid> = your userid on epsilonbio.fsu.edu

There are two methods for handling secure pages; FSU CAS Method, and Local Password File Method.
Be sure to check the login security is working before putting up any 'classified' information.

FSU CAS Method:

Make a folder to store your secured webpage files in, login will only be possible for those with FSU credentails with this method.

This folder should be off of your public_html folder.  It should be named 'secure' or something along those lines.

  • Launch a ssh session to epsilon.bio.fsu.edu.  Your session should start in your home directory, you can verify this by typing command: pwd
  • Change directory to your public_html folder with the command: cd /users/<yourusername>/public_html/
  • Create the secure directory with command: mkdir secure
  • Move into the secure folder (cd secure), and copy the .htaccess file that allows all FSU users login access with command: cp /usr/local/share/fsucas/.htaccess .
  • Any web pages in this secure directory will now be login protected and only available for people with FSU login credentails.

To narrow which specific FSU related people you would like to grant access to your webpages

  • Pull down the .htaccess file you copied into your secure folder onto your local machine with your file manager (FileZilla, Tectia, etc..)
  • Open the .htaccess file in the notepad app on your computer
  • Change the second line to say: require <comma separated list of FSU id's>
  • Only the people in the comma separated list will be able to login and view your secured webpages
  • Save the notepad file as .htaccess and change the 'save type' to 'All Files (*.*)'
  • Last use FileZilla, Tectia, etc.. to transfer the .htaccess file you just created to the secure folder you previously created in your public_html directory.
  • If there is already a .htaccess file in the secure folder, let the new one overwrite it

Local Password File Method:

Make a folder to store your userid's and passwords and create the password_list file.

This folder should NOT be off of your public_html folder.  It should be (directly) off of your home folder.

  • Launch a ssh session to epsilon.bio.fsu.edu.  Your session should start in your home directory, you can verify this by typing "pwd".
  • Create a password folder by typing "mkdir http_pws".  The name of your password folder will be http_pws.
  • Change directory to the http_pws folder by typing "cd http_pws".
  • Create the password_list file by typing
    "htpasswd -c password_list <authorized_user_name>".
  • Enter <authorized_user_password> when prompted (twice).
  • Add more (other) users (if desired) by typing
    "htpasswd password_list <authorized_user_name2>".

Make the folder to be password protected off of your public_html directory and create the proper .htaccess file.

  • Change directory to your public_html folder by typing "cd ~/public_html"
  • Make your folder by typing "mkdir secure_folder".
  • Change directory to the new folder by typing "cd secure_folder".
  • Edit a file name ".htaccess" using your favorite unix editor (pico or vi most likely) and insert:

          AuthName "Any blurb you want, gets displayed in login dialog box"
            AuthType Basic
            AuthUserFile /users/<your_userid>/http_pws/password_list
            Require valid-user