Web Content Display Web Content Display

Personal Homepages FAQ

Q: Do I get personal web space? How do I set up my home page?

A: Yes, but personal web space is being set up only by request so you'll have to ask for it. Please send your request to support@sci.utah.edu. When this is done, you'll find your home page folder under:

/usr/sci/www/yourusername

Your link will be http://www.sci.utah.edu/~yourusername

When you create your page, name it index.html. That will guarantee that it will be seen as your main home page by the server. Other pages can be named whatever you want, but must have the .html or .htm extension.

Q: Can I password protect parts of my personal website?

A: Yes. We use an Apache web server that has a built in system for web security. To set up a password protected area on your site, you need to create two text files; a .htaccess and a .htpasswd and place the .htaccess file in the folder you wish to protect. The .htpasswd file can live anywhere as long as you have the correct path in your .htaccess file. You should use a simple text editor to create these files. When a user tries to access a page within that folder, the server reads the .htaccess file and follows the commands within. In this case, it will promt the user for a login and then compare their username and password to what is contained in the .htpasswd file. The .htaccess file must contain specific directives about securing the folder it's in and the path to where the .htpasswd file can be found. Make sure these files are world readable so the server can read them.

The .htpasswd file is just a list of usernames and encrypted passwords separated by a colon. When the user is prompted for a login and enters their username and password, the server automatically encrypts their password before comparing it to what is in the .htpasswd file. To create a .htpasswd file, therefore, you must find out what the password will look like after it has been encrypted and put that in the file. Luckily, there are online tools available to help you encrypt passwords. Here is a nice password encryption tool.

It's important to note that this type of web security is not highly secure. When a user logs in, their password it transferred over the internet unencrypted and could be picked up by a hacker fairly easily if they tried. It will effectively keep out the casual browsers, but I would not rely on it to secure highly sensitive information. Most importantly, NEVER USE THE SAME PASSWORD FOR SECURED WEB SITES AS YOU DO FOR INTERNAL NETWORKS OR YOUR OWN COMPUTER. If you do, a hacker who picks up your password from the reletively insecure internet, could then gain access to the ordinarily much more secure network or your computer.

Below are examples you can use to set up your password protected folders. To learn more about password protection and other things .htaccess files can be used for, see this Apache User Authentication Tutorial.

Example .htaccess file

Deny from all
AuthType Basic
AuthUserFile /usr/sci/www/yourusername/protectedfolder/.htpasswd
AuthName "My Secure Site"
require valid-user
satisfy any

Example .htpasswd file

someusername:91Tj5IPCFPRmQ
anotherusername:52Ah3WQVDYNsW