Password Protecting Your Web Material

You can restrict the access to files in your public_html folder so that only SITNet ID holders or specific SITNet ID holders can access them. This is accomplished with the .htaccess control file that is saved inside the folder to be protected. Anyone attempting to access files in the protected folder is prompted for his or her SITNet ID username and password.

The last line of the .htaccess file contains a list of the SITNet ID holders that have permission to the files in the protected folder.

Steps to Set Up Password Protection:

  1. Create a folder within your public_html directory for the files you want to password protect.
  2. Copy the files that you want to restrict access to and paste them in the subfolder you just created.
  3. Create a text file named .htaccess (dot-htaccess). You can use a UNIX text editor like vi or pico, or Windows application like Wordpad or Notepad to create this file.
  4. The last line in the file controls which SITNet IDs have access to the protected folder. The contents of the control file to give all SITNet ID holders access is listed below.

    order allow,deny
    allow from all
    AuthName "My password protected site"
    AuthType Basic
    Base_DN "ou=people,dc=sunyit,dc=edu"
    LDAP_Port 389
    UID_Attr uid
    require valid-user

    The contents of the control file that gives specific SITNet ID holders access (i.e. doej, howardo and brownt5) is listed below.

    order allow,deny
    allow from all
    AuthName "My password protected site"
    AuthType Basic
    Base_DN "ou=people,dc=sunyit,dc=edu"
    LDAP_Port 389
    UID_Attr uid
    require user doej howardo brownt5
  5. Save the file with the name .htaccess (Dot-htaccess). The vi and pico text editors save the file in the ASCII file type and do not put an extension on the file. Notepad and Wordpad need to be saved in a file format other than their default and they put a .txt extension on the file.
    Save a Notepad file as an ANSI file type (i.e. File/Save As, select ANSI as the file type.), and a Wordpad file as MS_DOS text file (i.e. File/Save As, select MS-DOS text file for the type).
    Remove the .txt file extension after the .htaccess file has been copied into the folder it will protect. Do this by renaming the file. The Rename command is accessed in SSH and Winscp by right clicking on the file, and in MySUNYIT HomeDir and WSFTP_LE with the Rename buttons.
  6. Create a .htaccess file for each folder you want to protect.

Limiting Access to Groups

In addition to limiting access to a resource to individual users or all authenticated users, you may also specify that only certain groups can access a particular resource. Currently, the following groups are defined:

  • Staff
  • Faculty
  • Graduate Students
  • Undergraduate Students

To use this restriction, you need to replace the line 'require valid-user' with a 'require filter' line of the following form:

  • require filter (gidNumber=x)

where 'x' is the group id number for the group you wish to restrict to. Each group has it's own number:

  • Faculty = 32
  • Undergraduate Students = 33
  • Graduate Students = 34
  • Staff = 38

You may also include multiple (gidNumber=x) statements on the same line, each separated by a space, to imply that access is restricted to members of any listed group. So, to restrict access to staff (38) and faculty (32), you would use the following:

  • require filter (gidNumber=32) (gidNumber=38)

You may also restrict access on other arbitrary fields from LDAP using the same mechanism. For example, to restrict access to people whose offices are located in Kunsela Hall, use:

  • require filter (roomNumber=*Kunsela)


Request More Information

Detailed information, brochures and forms can be mailed to you upon request.


Let's Start The Process     

Complete and submit your application to SUNY Polytechnic Institute.