1. K-State home
  2. »DCM
  3. »Web Services
  4. »CMS
  5. ».htaccess notes
  6. ».htaccess notes

Web Services

Restricting access to web pages

Web pages are normally available to anybody. However, access to web pages can be restricted by requiring a username and password.  The username can be:

  • Any K-State eID
  • A list of K-State eIDs
  • A shared ID unrelated to a K-State eID

All methods share some features:

  • It is best to collect restricted pages into a single directory that contains just restricted pages. Restrictions will apply to all files and subdirectories in the restricted folder.
  • Restrictions are controlled by a file called .htaccess that is placed in the directory to be protected.  The format of the .htaccess file is very specific; be careful when editing this file.

Restricting access to any K-State eID

Place the following lines in the .htaccess file.

   AuthType CAS
Require valid-user

Restricting access to people with a K-State eID and password is not the same as restricting access to K-State students and employees. Anybody can register for a K-State eID.

Restricting access to a list of K-State eIDs

Place the following lines in the .htaccess file.

   AuthType CAS
Require userlist

Where userlist is a blank-delimited list of K-State eIDs that are allowed access. Any number of eIDs may appear on the line. If required, additional Require directives can be used.

Restricting access with a shared ID

For situations where security is not critical and non-K-Staters may be allowed access, a username and password may be used that is unrelated to a K-State eID.  The username and password must be distributed via email or other means.

Place the following lines in the .htaccess file.

   AuthType Basic
AuthName "Password Protected Area"
AuthUserFile /usr/local/data/www/path-to-site/userlist.txt
Require valid-user

Where path-to-site is the path to the site's files on the web server. For sites on www.k-state.edu, this is just the pathname portion of the URL, down to the directory being protected. For example, if www.k-state.edu/dept/secure/ is being protected, path-to-site is dept/secure.

For other sites, contact webservices@k-state.edu.

The actual username and password are specified in a file named userlist.txt. To determine the contents of that file, a variety of online password encryption facilities are available, such as http://www.htaccesstools.com/htpasswd-generator/.