University Systems help centre

Restrict access to your website: Mac OS X

By default, UVic web spaces are visible to the public. For security reasons, you may want to restrict access to your personal website.

These restrictions will make an authentication box appear when visitors navigate to your website (the appearance may differ depending on your web browser).

authentication pop-up

Part 1: Create your .htpasswd file

1. Go to https://studentweb.uvic.ca/htpasswd-generator/.

2. Type in the username and password you wish to provide access to your website, and click the Add User button. Repeat this process for all username/password combinations you wish to be able to authenticate to your site. 

create hashed password

3. Open a text editing application, such as TextEdit, and copy and paste the line of text generated into your text file.

copying hashed password

4. Repeat Steps 2-4 with any usernames you would like to give access to your website, adding each on a new line of the text file.

.htpasswd file format

5.  If you are using TextEdit, you will need to click Format and select Make Plain Text

text edit format text

6. Save your file as .htpasswd. Deselect the If no extension is provided... checkbox. Since by default macOS hides files beginning with periods, you may not be able to see the file on your computer. You should, however, be able to see the file when using an SFTP client, such as Cyberduck. 

7. Upload the file (using an SFTP client) to the data folder.

Part 2: Create your .htaccess file

1. Open a text editing application, such TextEdit.

2.  If you are using TextEdit, you will need to click Format and select Make Plain Text

text edit format text

3. Type the following text (as it appears in the image below): 

.htaccess format

  • Instead of NetlinkID in AuthUserFile use your own Netlink ID.
  • Instead of typing UsernameA UsernameB and UsernameC, type the Username(s) that may access your site.
  • You may change the text Restricted to Username to anything you wish to appear in the login dialogue.

4. Save your file as .htaccess. Deselect the If no extension is provided... checkbox. Since by default macOS hides files beginning with periods, you may not be able to see the file on your computer. You should, however, be able to see the file when using an SFTP client, such as Cyberduck. 

5. Upload the file (using an SFTP client) to the folder that you wish to protect. All subfolders will be protected. If you wish to protect your entire site, upload the file to the www folder.

6. Check the permissions to .htaccess. They should be set to 744 to allow read access. To view the file, click on View-> Show Hidden Files. Select the file and click Action -> Info

Cyberduck Get Info

.htaccess unix permissions

7. To remove or change access restrictions, delete or edit your .htaccess file.