Web Site Security

This is the outline for what will eventually turn into online curriculum for Catalyst’s Web Site Security Workshop.

Basic Few-Member .htaccess Directives

Sample .htaccess File to Disable Indexing:

IndexIgnore *

Sample .htaccess File to require Any UWNetID

AuthType UWNetID
Require valid-user

Sample .htaccess File to Limit to Just Two UWNetIDs:

AuthType UWNetID
require user rtimmons byronm

Basic Many-Member .htaccess Directives

Sample .htgroups file:

friends: rtimmons vuongm
peers: morgar
teachers: tanimoto

Sample .htaccess File for Requiring A Group:

AuthType UWNetID
Require user rtimmonsAuthType UWNetID
AuthGroupFile ../.htgroup
Require group friends peers

(Note that this will allow anyone belonging to either friends or peers in.)

Custom Authentication

Sample .htaccess file for Custom Authentication

AuthType Basic
AuthName "Protected"
AuthUserFile ./.htpasswd
AuthGroupFile ./.htgroup
Require group users

Creating a .htpasswd File:

Type the following into the terminal:

htpasswd -c .htpasswd user

Where user is the user you’d like to add. The created file is hash-encrypted.

Updating an Existing .htaccess File:

htpasswd .htpasswd user

Where user is the user whose password you would like to change or add.

Author:  Ryan Timmons
Last Modified:  06 August 2008 15:23:13 PDT
URL:  http://uwwebpub.com/

See Original Markdown