[2904] in WWW Security List Archive
Re: your mail
daemon@ATHENA.MIT.EDU (Brian W. Spolarich)
Mon Sep 9 19:53:19 1996
Date: Mon, 9 Sep 1996 18:26:39 -0400 (EDT)
From: "Brian W. Spolarich" <briansp@ans.net>
To: Benjamin Suto <ben@alliedtours.com>
cc: "'www-security@ns2.rutgers.edu'" <www-security@ns2.rutgers.edu>
In-Reply-To: <01BB9E32.45CF7D80@ben.alliedtours.com>
Errors-To: owner-www-security@ns2.rutgers.edu
Benjamin, this is generally a pretty basic feature of most HTTP servers.
The implementation of access controls varies greatly depending on your
server. Under Apache and other NCSA variants this is accomplished via the
access.conf file. Under the Netscape Enterprise server, this is
accomplished via the Admin interface (as are most things). WN, on the
other hand, is a completely different beast altogether. Don't ask me
about IIS...I don't know. :-]
RTFM on your server to find out how to do this for your particular
product. You're looking for how to set up "Access Controls" or something
similar.
The authentication that we're talking about here is accomplished via the
Basic authentication method which is part of the HTTP/1.0 protocol
specification (sometimes referred to as "HTTP Basic"). This
authentication method is built in to all current releases of any
reasonable Web client.
-brian
On Mon, 9 Sep 1996, Benjamin Suto wrote:
> I know this has been asked before, so I'll be quick.
>
> Does anyone know any resources for finding information on password
> protection certain web pages? For example, if a site tries to access a
> certain web page, or any web pages under it, a prompt would show up
> asking for a username and/or password.
>
> My company wants to restrict certain information from the rest of the
> Internet, but still allow our clients to access it.
>
> If anyone has any information as to how to do this, please send it to me.
>
> Thanks,
>
> Ben
>
>
--
Brian W. Spolarich - ANS - briansp@ans.net - (313)677-7311
Look both ways before crossing the Net.
