Restricting Access to Web Pages

Instructions
FAQs


Note: Currently, it is possible to restrict Web pages only on the central (www.udel.edu) Web server. The directions below will not work on the copland (udel.edu) Web server.

It is possible to restrict access to Web pages (i.e., to allow only certain people to view the Web pages with a Web browser) on the central (www.udel.edu) Web server. You can make your Web pages accessible only to the specific users, groups, or IP addresses you indicate.

Note: These instructions assume you already have a Web directory. If you don't, see How do I get a Web directory? and then return to these instructions.


Instructions

To restrict access to Web pages, you must place a .htaccess file in the directory to which you want to restrict access. Because you probably have other Web pages you want everyone to be able to see, you will need to create a special directory for the restricted pages and give your files the correct permissions.

  1. Change to the directory in which you want to create a restricted directory.
    1. Log in to your UDelNet account.
    2. At the copland.udel.edu prompt, type the following command, replacing directory_name with the name of your directory on the central Web server. Then press ENTER:
      cd /www/htdocs/directory_name
  2. Create the directory you want to restrict.
    • If you alone are creating and working on the files to which you wish to restrict access, type the following commands, pressing ENTER after each command, and replacing restricted_dir_name with a name of your choice:
      mkdir restricted_dir_name
      setfacl -r -m user:www:r-x restricted_dir_name
      cd restricted_dir_name
    • If you and your workgroup are creating and working on the files to which you wish to restrict access, type the following commands, pressing ENTER after each command, and replacing project number with your actual project number and restricted_dir_name with a name of your choice:
      mkdir restricted_dir_name
      chgrp project_number restricted_dir_name
      chmod 770 restricted_dir_name
      chmod g+s restricted_dir_name
      setfacl -r -m user:www:r- restricted_dir_name
      cd restricted_dir_name
  3. Create your .htaccess file.

    There are three ways to restrict access (allow only certain people to view your Web pages with a Web browser):

    • By IP address
    • By user
    • By group

    Restrict access by IP address

    1. Create your .htaccess file using the Pico editor. At the percent sign prompt, type the following command and press ENTER:

        pico .htaccess

    2. To restrict by IP address, type the following lines into the .htaccess file:

        <limit GET> 
        order deny,allow 
        deny from all 
        allow from 128.175 
        allow from 128.4 
        </limit>         

      Note: do not put a space before or after the comma in allow,deny. The server will consider this a syntax error and will not allow anyone to access your directory.

    3. Save your file and exit Pico by pressing Ctrl-X.

    The lines above will allow anyone accessing the Web from a UD computer address to see the files in these directories but will not allow anyone outside UD to see them. You can modify the "allow" line (or add more "allow" lines) to meet your needs.

    Example of a .htaccess file to restrict access to just the users of a computer with 111.111.1.11 as its IP address:

    <limit GET>
    order deny,allow
    deny from all
    allow from 111.111.1.11
    </limit>

    Restrict access by user

    1. Create your .htaccess file using the Pico editor. At the percent sign prompt, type the following command and press ENTER:
        pico .htaccess
    2. To restrict by user, type the following lines into the ".htaccess" file:
        authtype basic 
        <limit GET> 
        require user username(s) 
        </limit>

      For username(s), substitute the actual UDelNet ID(s) of the person or people to whom you want to allow access. For more than one user, list each name separated by a space. For example, to allow users "banana," "apple," and "pear" to access the files in your restricted access directory, you would substitute require user banana apple pear for the require user username(s) line. If your list of users does not fit on one line, each line of the list of users must begin with require user. To allow access to anyone with a UDelNet ID and to prevent anyone else from accessing this directory, substitute Require valid-user for the require user username(s) line.

    3. Save your file and exit Pico by pressing Ctrl-X.

    Example of a .htaccess file to restrict access to users "banana," "apple," and "pear":

     

    authtype basic 
    <limit GET>
    require user banana apple pear
    </limit>

  4. Restrict access by group

    1. Create your .htaccess file using the Pico editor. At the percent sign prompt, type the following command and press ENTER:

        pico .htaccess
    2. To restrict by group, type the following lines into the .htaccess file:

        authtype basic 
        <limit GET> 
        require group project_number 
        </limit>       

      Substitute the actual project number for project_number. For example, to allow only users in project 1111 to access your restricted directory, you would substitute require group 1111 for the require group project_number line.

    3. Save your file and exit Pico by pressing Ctrl-X.

    Example of a .htaccess file to restrict access to users in project 1111:

     

    authtype basic 
    <limit GET>
    require group 1111
    </limit>

  5. To have the .htaccess file work correctly, at the percent sign prompt, type the following command and press ENTER:

      chmod o+r .htaccess

You have now completed all the steps necessary to restrict access to Web pages contained in your restricted directory. When users access URLs contained within directories protected in this way, the browser will present a Username and Password Required dialog box in which the user will be prompted to enter his or her UDelNet ID (username) and password.

Note: To ensure that people will be logging in through a secure page, when you create the href link to your restricted page, use https rather than http in the URL. For example, https://www.udel.edu/filename.html.

Contents


FAQs

  1. How do I get a Web directory?
  2. UD faculty and staff can obtain space on the central Web server (www.udel.edu) to publish official University information by completing the WWW Directory Request Form.

  3. How do I find out a person's UDelNet ID?
  4. Finding the person's UDelNet ID is a two-step process.

    1. At the copland % prompt, type the following command, substituting the person's last name for name and pressing ENTER:
      finger name@udel.edu

      This will give you a list of approximate matches to the name you seek. The matches are in the form first.m.last@udel.edu. You must type the entire name to get the person's exact information, including the UDelNet ID.

    2. Type
      finger first.m.last@udel.edu

      to get the person's UDelNet ID.

  5. How does a person get a UDelNet account?
  6. All members of the UD community have a UDelNet account. To activate your UDelNet account, see the University of Delaware Network page.

  7. What is a project, and how do I get a project number?
  8. A project is an established group of individuals in the UNIX computer accounting system.

    To obtain a project number, go to the Support Center's Access Forms page. Log in and submit the UNIX Instructional Project Request if you are a faculty member setting up restricted access Web pages for a class or the UNIX New Project Request if you are faculty or staff setting up restricted access Web pages for something other than a class. Use the "restrict by user" method rather than requesting a project if the number of people to whom you would like to offer access is fewer than 30. Student organizations who have Web directories on copland will already have a project number. Individual students can not obtain a project number.

  9. How do I use the pico editor?
  10. See the Pico Text Editor Help Page.