Web Services Blog

Password protect Web pages

Creating a text file called “htaccess.txt” (all lowercase and no quotes) is a simple way to password protect certain Web pages.

Create a new file in any text editor such as Notepad (Windows) or Text Edit (Mac) and name it htaccess.txt. Copy the following text in red into your htaccess.txt file.

AuthType shibboleth
ShibRequireSession On

require valid-user

The example  above will allow access to anyone with a valid Clemson userid and password (more options below).

Save the file and upload it to the same folder as the page want to password protect. If you are using Cascade, you will need to publish it to the server to enable the protection. Please note that if you have already logged in recently you may need to restart your browser before it will ask you to re-login.

Note: every asset in the same folder as the htaccess.txt file will be password protected.

The level of security varies with the options outlined in the file.

If you want to limit access to specific userids, then you would replace the valid-user variable with the specific valid userids:

require userid1
require userid2
require userid3

This will allow only the users userid1, userid2 and userid3 to have access.

Maybe you want to restrict access to just employees?

require primary-affiliation employee

Or perhaps only users of a specific blackboard workgroup?

require edirgroup .workgrouptest.workgroups.sitesets.clemsonu


For more information, visit CCIT’s page on Htaccess Controls.