To provide access to anyone with a valid UW NetID:
- Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
- At the prompt, enter the following command to change directories to your Web directory:
If you want to password protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:
- At the prompt, enter the following command to create a .htaccess file in the current working directory:
- Add the following text to this file:
AuthType Shibboleth <IfVersion < 2.4> ShibCompatWith24 on </IfVersion> ShibRequestSetting requireSession true ShibRequestSetting redirectToSSL 443 require valid-user
- Optional – If two factor authentication (2FA) is desired on depts, staff, faculty, or courses, then add the following text to this file instead:
AuthType Shibboleth ShibRequestSetting requireSession true ShibRequestSetting redirectToSSL 443 ShibRequestSetting applicationId 2fa <IfVersion < 2.4> ShibRequireAll on ShibCompatWith24 on require authnContextClassRef https://refeds.org/profile/mfa require valid-user </IfVersion> <IfVersion >= 2.4> <RequireAll> require authnContextClassRef https://refeds.org/profile/mfa require valid-user </RequireAll> </IfVersion>
To the Web server, valid-user has special meaning. In this context, it refers to anyone who can enter a valid UW NetID and password.
Tip: This will allow any UW NetID (including group accounts and temporary IDs) to access your website. To restrict access further to only specific affiliations, for instance students or faculty, see Authorizing UW NetIDs by Affiliation Type.
- Save and close the file using Nano. (Click for instructions on how to use nano).
- You’re done! Confirm that password protection is working by opening your website with a Web browser.