Restricting Access to Your Web Pages

This web page is intended to make it a bit easier for people to set up restricted-access directories on For more technical details, see this ApacheWeek tutorial or the authoritative mod_access and mod_auth documentation.

Please note that is a public server intended for publishing and used by a great many people. Truly confidential information, such as student grades, should never be posted anywhere on this server. However, simple methods of access control may be used to protect information such as "members-only" newsletters where the cost of disclosure is not so high.

You must create a new subdirectory to hold your private files. For example, if you own /departments/webservices/, you could make a restricted directory /departments/webservices/secretfiles/. Pages within that directory, such as /departments/webservices/secretfiles/topsecrettext.html, would be protected from casual observers.

What area of your web site would you like to protect? (change the text to reflect your subdirectory)

Should these web pages be accessible to anyone who knows the password, or should they be restricted to browsers on the local Brandeis network? Please note that this provides only very crude access control, as the general public may be able to wander into certain public labs. Restricting access by IP address may also be an inconvenience to Brandeis community members with Internet access at home. Still, there are some applications for which restricting access by IP address is appropriate.

Yes, allow connection attempts from anywhere
No, only allow connections from the Brandeis network

Do you want to password-protect your web pages? Note that neither this form nor your putative password-protected web pages will be encrypted, so you should not count on this for truly confidential material.

Yes, require a password for access
No, only restrict by IP address (above)

If you want to set a password or passwords for this area, enter them here. One user per line, space separates from password. For our example secretfiles directory, either username minnie with password bow or username mickey with password belt will let you in. Because these passwords are not encrypted across the network, you should not use a password of value elsewhere.

Finally, if you are requiring a password, we need a password prompt for your realm. This will pop up in the browser like "Password for SuperSecret Files at" The practical limit for most browsers is about 20 characters. Keep it short.