Encrypting documents via Leland's secure webserver
Overview
Sometimes you have information in your web pages that you'd like to make absolutely sure no one can see. Regular webservers transmit pages as they are, so even if the pages are protected, someone who is able to intercept traffic between you and the server can see it. That's why there are secure webservers that transmit documents encrypted so only your browser can read them. Someone who intercepts the document in transit will get a bunch of gobbledygook that can't be deciphered. These kinds of secure servers are used when you buy something over the web: they prevent someone from stealing your credit card number by "sniffing" the connection (not the easiest thing to do, but possible).
Secure webservers typically use a mechanism called SSL (secure socket layer) to do the encryption. These servers use the "https" method instead of "http". For example, you can also get to the current document by going to:
https://www.stanford.edu/services/web/encrypt.html
Your browser will probably give you some hints that the document was obtained in a secure manner (Netscape shows a blue bar and a whole rather than broken key).
Any of your documents that are available via http are also available via https.
You may have some documents that you'd like to restrict to https (secure) access only. That way no one can get them via http (unencrypted) access. To do this, place the following line in a file called ".htaccess" in the directory you'd like to restrict:
SSLRequireSSL on
That's all there is to it. That directory and those below it will be affected.
Note: You'll also want to make sure that no one can get your restricted documents through the file system. You should set the ACL on that directory so that only the webserver can read the files, as shown below (to learn how to set ACLs, see the Setting Permissions web page).
system:www-servers read
To make sure that system:anyuser and system:authuser do not have permissions that let people sneek a peek, first set:
system:anyuser none
and then:
system:authuser none
