first | back | next

Setting up protected directories on the Apache server

Most Web servers have configuration controls and commands that limit access to pages and data that reside on the server. Using WEBppliance's Web Server Manager, you can limit access to directories by using password protection.

Important: WEBppliance does not provide directory protection on domains that have a service plan that grants Microsoft® FrontPage® extensions. FrontPage has its own protected directory feature. If your domain has such a service plan, use FrontPage to provide directory protection. For information on this feature, see the Microsoft FrontPage manual.

To protect a directory on the Apache server:

  1. Divide the users who should have access to a protected directory into logical groups, such as by department. Apache manages all user authorizations through groups.
  2. Create an authorization name that will have access to the protected directory, and designate the user groups that will have permission to use this authorization name.

When you protect a directory, the Apache server creates an . htaccess file with an authorization name for the directory. This access file points to a password file that restricts access to the directory. When a user accesses a protected directory, the Apache server prompts the user for a password and verifies that this password is in the password file before granting the user access to the directory.

Creating user groups for a protected directory

To restrict access to protected directories, you must divide users into practical groups, such as Sales or Executive and then manage user authorization through these groups.

To create a user group:

  1. In the Web Server Manager, click Manage Groups .

    2. The Protect Directories: (HTAccess) Manage Groups window opens, showing a list of the groups currently in the group file.

  2. In the Enter Group name field, enter a name for the group you are creating.
  3. Click Add .
Adding users to a group

Once you have created a user group, add users to it using the Manage Users option.

To add a user to a group:

  1. On the Web Server Manager, click Manage Users .

    2. The Protect Directories: (HTAccess) UserName/Password Manager window opens, showing a list of the user groups currently stored in the group file and, at the bottom of the form, a list of user names that currently have a password in the password file.

  2. In the UserName field, enter the user's user name.
  3. In the Password field, enter the password the user will use to access protected directories, and retype this password in the Confirm Password field.
  4. In the Belongs to group(s) field, specify the user group to which the user should be added.

    5. You can add the user to multiple groups by using Ctrl-click (holding down the Ctrl key and clicking the group names).

  5. Click Add/Edit .

    6. The list of users at the bottom of the window displays the new user's name.

Editing passwords

Use the following steps to edit a user's password.

  1. On the Web Server Manager, click Manage Users .

    2. The Protect Directories: (HTAccess) UserName/Password Manager window opens, showing a list of the user groups currently stored in the group file and, at the bottom of the form, a list of user names that currently have a password in the password file.

  2. In the Username field, enter the user name of the user whose information you want to edit.

    3. The user's current password in the appears in the Password field.

  3. Change the password and retype it in the Confirm Password field.
  4. Click Add/Edit .
Removing users from a group

To remove a user from a group, you must remove the user from the password file. If the user is to retain access to protected directories as a member of another group, you will have to add the user back into that group.

To remove a user from a group:

  1. On the Web Server Manager, click Manage Users .

    2. The Protect Directories: (HTAccess) UserName/Password Manager window opens, showing a list of the user groups currently stored in the group file and, at the bottom of the form, a list of user names that currently have a password in the password file.

  2. In the Actions column, click next to the user you want to remove.
Removing user groups from a protected directory

To remove a group from a protected directory:

  1. In the Web Server Manager, click Manage Groups .

    2. The Protect Directories: (HTAccess) Manage Groups window opens, showing a list of the groups currently in the group file.

  2. In the Actions column, click next to the group you want to remove.
Setting protection on a directory

When you set protection on a directory, the Apache server creates an HTAccess file for the directory. This access file points to a password file that restricts access to the directory.

To set protection:

  1. On the Web Server Manager, click Protect Directories .

    2. The Protect Directories (HTAccess Configuration) window opens, showing a list of the directories residing on the server. The directories are identified as either unprotected or protected.

  2. From the directory list, locate the directory you want to protect.
  3. Click protect in the Actions column.

    4. The Set HTAccess AuthName window opens, showing the directory you are going to protect and a list of the groups that currently exist.

  4. In the AuthName field, enter a descriptive, one-word name for the directory you want to protect.

    5. For example, to protect a directory of employee salary information, enter Salaries.

  5. In the Add to Group(s) field, specify the user groups that should have access to this directory.

    6. You can specify multiple directories by using Ctrl-click (holding down the Ctrl key and clicking the directory names).

  6. Click Save .
Removing protection from a directory

When you remove protection from a directory, the Apache server removes the HTAccess file from the directory.

To remove protection:

  1. On the Web Server Manager, click Protect Directories .

    2. The Protect Directories (HTAccess Configuration) window opens, showing a list of the directories residing on the server. The directories are identified as either unprotected or protected.

  2. From the directory list, locate the directory from which you want to remove protection.
  3. Click unprotect in the Actions column.

    4. The following message appears, verifying the action.

    Access File Removed. Directory Unprotected.

first | back | next