The PLT Web server provides basic authentication following RFC 2617. These passwords are stored in passwords. The Web server caches passwords for performance reasons. Requesting the URL http://localhost/conf/refresh-passwords reloads the password file. The format is:

'((realm path-regexp (name password) ...) ...)

realm : string
A unique identifier for this set of passwords.
path-regexp : string
A regular expression applied to the resource. If it matches, then this set of passwords is used for this resource.
name : symbol
The login name for a user. Note that case-sensitivity depends on the current settings in MzScheme.
password : string
The password, unencrypted, for the user.

For example, to hide anything in the /secret/ directory under the host-root, but allow access to bubba with the password bbq and Billy with the password BoB, use

'(("secret stuff" "/secret(/.*)?" (bubba "bbq") (|Billy| "BoB")))