Controlling Access to your Webpages

The HKUST WWW servers provide the following ways to protect Web pages. We recommend you to take a look at our overview page for basis introduction first.

Files Used for Enabling Access Control

In order to restrict access from Web browsers, you will need to set up as many as three files depending on what type of access control methods you would like:

.htaccess (required): This file provides its directory with access control. Any web directory (which must be at or below the WWW directory level) whose access you would like to control must have this file. To protect all your web pages, put a .htaccess in your WWW directory. Subdirectories of a directory with an .htaccess file will be under its control unless they have their own .htaccess file.
.htpasswd (optional): This file is necessary if you are using the "Basic" authentication method. Each line of this file contains a pair of username and an encrypted password.
.htgroup (optional): This file allows you to assign sets of users to named groups.

Password-based Access Control Methods

Controlling Access by Domain
Control access to your Webpages by specifying range of IP addresses.

Basic Password and Group Protection
Control access to your Webpages with a single or group of user-defined username and password.

Password Protection by WebLDAP
Control access to your Webpages by authenticating ITSC Network account with our campus-wide LDAP server.

Encrypted (SSL) Connections

Encrypted connections help protect information in transit over the Internet. It does not help you control who can access your Web pages, but SSL can be used to make passwords and other information more difficult for others to hack.

Using Secure Sockets Layer
How and when to use Secure Sockets Layer (SSL).