This instructions tell you how to configure your repository so that even the static pages and search and view pages require a valid username/password.
The /images and /style directories are deliberately unsecured so that you can explicitly always view the files in them (you need the CSS + images to render the login page!)
This even secures things like the OAI interface, and registration. So you'll probably want to disable web-based registration in favour of importing users or creating them with an admin account.
1. In archives/ARCHIVEID/cfg/lang/en/static/ rename index.xpage to home.xpage
2. Run bin/generate_static to generate the home.html file (and others).
3. Add the following to archives/ARCHIVEID/cfg/apachevhost.conf (use your site URL in the last bit and replace ARCHIVEID):
<Location ""> AuthName "Documents Area" AuthType "Basic" PerlAuthenHandler EPrints::Apache::Auth::authen PerlAuthzHandler EPrints::Apache::Auth::authz require valid-user AuthName "Documents Area" </Location> <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/images"> order allow,deny allow from all satisfy any </Directory> <Directory "/opt/eprints3/archives/ARCHIVEID/html/en/style"> order allow,deny allow from all satisfy any </Directory> <Location "/cgi/reset_password"> order allow,deny allow from all satisfy any </Location> <Location "/cgi/confirm"> order allow,deny allow from all satisfy any </Location> <LocationMatch "^/$"> Redirect / http://myarchive.ac.uk/cgi/users/login?target=/home.html </LocationMatch>
4. Restart Apache.