FAQ on Tools Available for Your Pages

How do I restrict access to a page or pages?
How can I write CGI-BIN/PHP programs?
How do I submit forms via email?

How do I restrict access to a page or pages?
Web pages can be protected by placing a file named .htaccess in the web directory. The ECE web server will detect this file and interpret its instructions before allowing access to material in the directory (and its subdirectories). The specific format of directives in the .htaccess file are defined by the web server software from The Apache Group. Please be aware that this restriction is done on a per-directory basis. If you have some files you want open to the public, but some restricted, then you need to have two separate directories.

Suppose you have a directory that you only want people on campus to be able to see the contents. The following sniplet of commands placed in a .htaccess file in the directory /a/b/c/to/path would be used to implement that restriction.

order deny,allow
deny from all
allow from .gatech.edu

There are other methods for restricting access, including the requirement of a username/password combination.

New! As of Fall 2010, you can password-protect your directories using the same single sign-on system that is used by my.gatech.edu, T-Square, BuzzPort, and many other Georgia Tech services. If you would like to restrict access to a directory so that anyone with a Georgia Tech account can login, place the .htaccess file in the directory to restrict and put the following in your file:

AuthType Cas 
Require valid-user 

If, instead, you'd like to restrict access to a limited group of users, use the following format in your .htaccess file, replacing "gb0 gburdell0" with a space-separated list of Georgia Tech usernames for those who should be able to login:

AuthType Cas 
Require user gb0 gburdell0

Please note that since this is a single sign-on service, if you are already logged into another application that uses this service, you will not be asked to login again. If you would rather be notified each time you are logging into one of the single sign-on applications, make sure that you check the box next to "Warn me before logging me into other sites" when you initially login to the "Georgia Tech Login Service".

Note: The method that follows does not encrypt any of the transaction, so usernames and passwords are sent in plain text. If you need a more secure method of protecting your files, send an email to help@ece. We recommend that you use NCSA-style user files which contain simple username: <enc passwd> pairs. This advanced feature should only be used by experienced people. To do so, you set up a .htaccess file very similar to above, but instead, you need to add a database that contains the list of users you want to be able to access the files. This database file consists of a list of username:password pairs where the passwords are encrypted just like standard Unix passwords. In order to reduce the complexity of managing these files, we have provided a utility in /home/www/bin/userdb (accessible via ssh) that will allow you to easily manage and maintain these NCSA style password files.

usage: /home/www/bin/userdb -db /path/to/your/password/file -action [username]
  -add username     Adds the specified user to the 
                    userdbfile, possibly creating 
                    the file.  Prompts for the 
                    user's password.
  -change username  Changes an existing user's 
  -delete username  Removes the specified user 
                    from the userdbfile.
  -list             Displays the contents of the 
  -help             Prints out information on how 
                    to use this program with 
                    Netscape server authentication.

To use an NCSA-style password file, you must refer to it in the .htaccess file as shown:

AuthUserFile /path/to/your/password/file
AuthGroupFile /dev/null
AuthName "This is what the prompt will say"
AuthType Basic
require valid-user

Please note that references to your database files MUST include a fully qualified pathname, and it must be world-readable. (Note: If your password file is in a sub-directory of your users page, the /path/to/your/password/file will begin with "/home/www/users/" (for faculty and staff) or "/home/webpages/" (for students) followed by your username and the rest of the path to your password file. So, if I am faculty, and my username is "abcd" and the sub-directory which contains my ".htpasswords" file is called "private", then my AuthUserFile would be "/home/www/users/abcd/private/.htpasswords" - without the quotes.) NOTE: your password file should begin with .ht so that it cannot be read in a browser.

NOTE: A lot of people think that they have access restrictions on their pages, yet they unintentionally set the permissions on the files so that the web server itself can not read them. In this case, the server returns an error message pertaining to permissions, when it is really telling you the that the file permissions are wrong. In order for the server to read your files, all directories must be read-execute enabled to world, e.g. at least mode 755. All files must at least be readable by the webserver, e.g. at least mode 644. You can use the Unix chmod command to set these permissions properly.

How can I write CGI-BIN/PHP programs?
You can't. OK, if you have a really good justification as to why you need to, see the CGI-BIN/PHP Policy page. Note that you need a very strong reason to be granted such privileges - not because you want: a counter, a guestbook, simple form processing, etc.

How do I submit forms via email?
As of October 14, 2003, the form_email script is disabled. Please send an email to help@ece.gatech.edu if you need your form to be configured with our new script. Please note that, if you are a student requesting to be set up with the new script, we will require approval from your advisor. Be sure to include a link to the html form that you have created.

If you would like to set up a form using this new script, please create your form web page then send an email to help@ece with the following details:

  • The path to the form file you created
  • Who should receive the email with the information provided in the form
  • What you would like the subject of the email to contain
  • Which, if any, of the fields are required
  • If you have another page that you would like people to be redirected to after they have filled out the form, then be sure to create that file and supply the path to that file, too

When you receive your reply from help@ece, you will be provided with additional details (including what to fill in for your <form> tag).

Last revised March 3, 2015