WMU > OIT > Help Desk > Web

Password Protecting Web Pages on homepages.wmich.edu

You may sometimes want to restrict access to certain pages or areas of your Web site. This can be done by using password protection. You may:

1. Use the Interactive Password Protection Program (you will be asked to enter the Bronco NetID and password of the account you wish to password protect pages in, and you may not use spaces in your folder names) to:
   1. Provide a single username and password that all visitors will use. You determine the username and password and you provide it to the visitors you want to be able to access those pages.
   2. Require any WMU Bronco NetID access. This limits access to persons having a WMU Bronco NetID, i.e. WMU students, faculty, or staff.
   3. Combine Bronco NetID access and a specific username and password. This would be useful if you wished to allow all WMU access to your pages, and certain non-WMU visitors access.
2. Provide multiple usernames and passwords that visitors will use. Again, you determine the usernames and passwords and which visitors will use them.
3. Combine specific Bronco NetID access and a specific username and password. This would be used if you wish to allow only certain WMU visitors access along with certain non-WMU visitors.

Provide multiple usernames and passwords

All content you wish to password protect must be stored in a separate folder on your Web site. Be aware that putting password protection on a folder in your site also protects any folders beneath that folder. Also be careful that you do not prevent your images from displaying by having them in a different password protected area than your pages. Create your content and upload it to the specific folder you want to secure using the FTP method you normally use. Then:

1. Using an FTP application that allows you to enter commands, FTP to homepages.wmich.edu.
2. Change directories to the folder you are securing, for example cd secure-folder.
3. Determine your path from root by entering pwd. You will see something like '/SAN/data/homepages/j/jones/homepages.wmich.edu/secure-folder' is current directory'. Make note of everything after "/homepages/" as you will need it later for your x.htsecure file.
4. Obtain the security files
5. Edit the x.htsecure file. (Note: make sure there are no extra spaces or characters at the end of your lines after editing this file)

   Replace the items in red with your specific information. Remember this file will uploaded to the server and UNIX is case-sensitive.

   AuthUserFile /unified/initial/username/homepages.wmich.edu/secure-folder/x.htpasswd
   AuthGroupFile /unified/initial/username/homepages.wmich.edu/secure-folder/x.htgroup
   AuthType Basic
   AuthExternalAuthoritative off
   AuthExternal auth-system
   GroupExternal group-system
   AuthName "Secure Pages For This Area" (this is what appears in the password box when visitors access your secure area)
   
   Require user www-cgi
   Require group groupname1 groupname2 (these are the groupnames you define below)

6. Edit the x.htgroup file.

   Replace the red text with your chosen group names. Replace the green text with the usernames of the visitors you want included in that group.
   
   groupname1: username1 username2 username3
   groupname2: username1 username2 username3

When finished, FTP the x.htaccess, x.htsecure, x.htgroup, and x.htpasswd files to your secure folder on the Web server. Then, using your browser, visit the secured area. You should be prompted for a username and password. Enter those you selected to assure they work.

Combine specific Bronco NetID access and a specific username and password

All content you wish to password protect must be stored in a separate folder on your Web site. Be aware that putting password protection on a folder in your site also protects any folders beneath that folder. Also be careful that you do not prevent your images from displaying by having them in a different password protected area than your pages. Create your content and upload it to the specific folder you want to secure using the FTP method you normally use. Then:

1. Using an FTP application that allows you to enter commands, FTP to homepages.wmich.edu.
2. Change directories to the folder you are securing, for example cd secure-folder.
3. Determine your path from root by entering pwd. You will see something like '/SAN/data/homepages/j/jones/homepages.wmich.edu/secure-folder' is current directory'. Make note of everything after "/homepages/" as you will need it later for your x.htsecure file.
4. Obtain the security files
5. Edit the x.htsecure file. (Note: make sure there are no extra spaces or characters at the end of your lines after editing this file)

   Replace the items in red with your specific information. Remember this file will uploaded to the server and UNIX is case-sensitive.

   AuthType Basic
   AuthName "Secure Pages For This Area" (this is what appears in the password box when visitors access your secure area. This string must be enclosed in the double-quote characters.)
   AuthUserFile /unified/initial/username/homepages.wmich.edu/secure-folder/x.htpasswd
   AuthGroupFile /dev/null
   AuthExternal auth-system
   GroupExternal group-system
   
   AuthExternalAuthoritative off
   
   Require user www-cgi
   Require user username (this is the username you want visitors to enter)
   Require user valid-BroncoNetID-username (this is the specific Bronco NetID username you want to allow access to)

When finished, FTP the x.htaccess, x.htsecure, and x.htpasswd files to your secure folder on the Web server. Then, using your browser, visit the secured area. You should be prompted for a username and password. Enter those you selected and then enter the specific Bronco NetID and password to assure that part works as well.

Need More Help?

If you need assistance, the Help Desk is located down the hall at the end of the UCC lab. They may be reached by telephone at (269) 387-HELP, option 1, or by e-mail to .