LuxSci

Password Protection for Web Sites: Quick and Easy

Published: May 11th, 2011

Customers commonly want to create sections of their web sites that are password protected — so only authorized users can access specific pages, downloads, or other content.  In most cases, setting this up requires some technical know-how and messing with “htaccess” and “htpasswd” files — in general, it can be a pain to do it “manually”.

LuxSci has a web site password protection tool integrated into its web site management console.  Use of this tool makes password protection and management of the users (and user groups) very simple.

How To Set It Up

An existing LuxSci customer would:

  1. Create the physical directory in the web site: using FTP, SFTP, or our Secure Web-Based File Manager.
  2. In the LuxSci Web Site Administration Area:
    1. Click on “Define Passwords”
      1. Enter the username/password combinations for each of your web site “users”. (Note that these are different from and independent of any of your LuxSci users).
      2. If you like, define one or more “groups” of users.  Groups allows you to manage access “in bulk” and is great if you will have many different password protected areas in the same site.
    2. Configure a “New Directory” under “Directory Settings”.  E.g., if you are protecting “https://yoursite.com/secure”, then define the directory “/secure”.
    3. Enable “Password-protect this directory” in the configuration.
    4. In the “Password Protection” area that appears once “Password-protect” is enabled, you can specify who can read pages and who can write to / upload pages.  You can select “no one”, “any one”, “specific users” and/or “specific groups”

How It Works

The password protection system creates the htpasswd and htgroup files for you and saves them in a secure location in your web site directory (one not accessible to web visitors; you can upload and edit these files directly if you so desire).  The actual enabling of the password protection is done in the central web server configuration — so no “htaccess” file is needed and any existing htaccess file that you may be using on your site is unaffected/untouched.

Updating user and group access is as simple as going back into your web site configuration area and updating the settings therein.

Works with WebDAV

If you are using WebDAV to have a shared file space on your web server that users can upload and download files to/from, the password protection tools work here as well.  You can specify exactly who gets “read only” access to the space and who is permitted to “write” (i.e. upload and delete things). Enabling directories for WebDAV access is as simple as checking the “Enable WebDAV” check box in your web site directory configuration page and then setting up the user access lists in the Passwords Protection area.

Works with Secure and Insecure Web Sites

LuxSci’s password protected directory tool works with both secure and insecure web site areas.  With a secure web site, the passwords and usernames are communicated securely over SSL.

Leave a Comment


You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.