web passwords - four worked examples, Apache httpd v. 2.4

[DRAFT]

givens (not all items used in all cases)

your home directory                        /u/psmith
web content gets delivered from directory  public_html
you want to restrict (or not)              public_html/semi_secret/
passwords will get stored in               webpasswords
web page username is to be                 bertie
password is to be                          wooster
discriptive text is                        how Jeeves organises his pantry
the text editor you know                   pico

Example 1. Anyone may read

Arrange that you have no file .htaccess, or at any event the file contains no deny or Require lines.

cd ~/public_html/semi_secret
ls -A
rm .htaccess

Example 2. Anyone using certain machines may read

Suppose you are writing strictly for in-house use, and for readers who will find passwords a burden.

cd ~/public_html/semi_secret
pico .htaccess
chmod a+r .htaccess

Make the file read something like this:

<RequireAny>
  Require host .mun.ca
  Require host an.other.com
</RequireAny>

But perhaps there are glitches in computer name lookup:

<RequireAny>
  Require ip 134.153.0.0/16
  Require host .mun.ca
  Require host an.other.com
</RequireAny>

Example 3. Anyone with the password may read

First create the password.

cd ~
touch webpasswords
chmod 644 webpasswords
htpasswd -b webpasswords bertie wooster

Then set up things so that the password gets used.

cd ~/public_html/semi_secret
pico .htaccess
chmod a+r .htaccess

Make the file read:

authtype basic
authuserfile /u/psmith/webpasswords
authname "how Jeeves organises his pantry"
require user bertie

Example 4. Insiders don't need a password

cd ~/public_html/semi_secret
pico .htaccess
chmod a+r .htaccess

Make the file read:

authtype basic
authuserfile /u/psmith/webpasswords
authname "how Jeeves organises his pantry"

<RequireAny>
  Require host .mun.ca
  Require user bertie
</RequireAny>

Doesn't work?

Permissions are inherited. The first, parent file applies to the extent the second does not over-rule it.

~/public_html/.htaccess
~/public_html/semi_secret/.htaccess

Testing

Present yourself as an outsider, even though inside, by using an anonymous proxy like anonymouse.org or kproxy.com.


A.E. December 2013