Secure Web Pages

If you had protected pages on the old server, there are some minor changes you will need to make to your .htaccess file(s) in order for them to function correctly with the Apache server. Not making these changes immediately will not result in compromised security, but will make it impossible for anyone to access the restricted pages.

The old format looked like this:



AuthType Basic

PasswordFile /usr/local/users/userid/www/somesecureplace/password.web

ServerID WWW

GetMask    username

A revised version would look like:



AuthType Basic

AuthUserFile /usr/local/users/userid/www/somesecureplace/password.web

AuthName WWW

 

<Limit GET>

require user username

</Limit>

Essentially, PasswordFile is the same as AuthUserFile, and AuthName is the same as ServerID, the GetMask concept, however, is out the window in favor of a more HTML-like <Limit> tag. You can limit Gets, Puts, or Posts, and you can limit them by username, valid-user, or address...

Please see the Apache documentation for further details on .htaccess options...