Contents

Note: Currently, it is possible to restrict Web pages only on the central (www.udel.edu) web server. The directions below will not work on the copland (udel.edu) Web server.

Description

Note: These instructions assume you already have a Web directory; if you don't, see How do I get a Web directory? and then return to these instructions.

Contents

Instructions

To restrict access to Web pages, you must place a ".htaccess" file in the directory to which you want to restrict access. Because you probably have other Web pages you want everyone to be able to see, you will need to create a special directory for the restricted pages and give your files the correct permissions.

1. Change to the directory in which you want to create a restricted directory.

1. Log in to your UDelNet account.
2. At the copland.udel.edu prompt, type the following command, replacing directory_name with the name of your directory on the central Web server. Then press ENTER:

   cd /www/htdocs/directory_name

2. Create the directory you want to restrict.
• If you alone are creating and working on the files to which you wish to restrict access, type the following commands, pressing ENTER after each command and replacing restricted_dir_name with a name of your choice:

  mkdir  restricted_dir_name 
  setfacl -r -m user:www:r-x restricted_dir_name 
  cd restricted_dir_name 

• If you and your workgroup are creating and working on the files to which you wish to restrict access, type the following commands, pressing ENTER after each command, replacing project number with your actual project number and restricted_dir_name with a name of your choice:

  mkdir restricted_dir_name 
  chgrp project_number restricted_dir_name 
  chmod 770 restricted_dir_name 
  chmod g+s restricted_dir_name 
  setfacl -r -m user:www:r-x restricted_dir_name 
  cd restricted_dir_name

3. Create your .htaccess file.

   There are three ways to restrict access (allow only certain people to view your Web pages with a Web browser):

   • By IP address
   • By user
   • By group

   Restrict access by IP address

   1. Create your .htaccess file using the Pico editor. At the percent sign prompt, type the following command and press ENTER:
      pico .htaccess
   2. To restrict by IP address, type the following lines into the ".htaccess" file:
      <limit GET>
      order deny,allow
      deny from all
      allow from 128.175
      allow from 128.4
      </limit>

      Note: do NOT put a space before or after the comma in "allow,deny". The server will consider this a syntax error and will not allow anyone to access your directory.

   3. Save your file and exit Pico by pressing Ctrl-X.

   The lines above will allow anyone accessing the Web from a UD computer address to see the files in these directories but will not allow anyone outside UD to see them. You can modify the "allow" line (or add more "allow" lines) to meet your needs.

   Example of a .htaccess file to restrict access to just the users of a computer with 111.111.1.11 as its IP address:
    

   <limit GET>  order deny,allow  deny from all  allow from 111.111.1.11  </limit>

   Restrict access by user

   1. Create your .htaccess file using the Pico editor. At the percent sign prompt, type the following command and press ENTER:
      pico .htaccess
   2. To restrict by user, type the following lines into the ".htaccess" file:
      authtype basic
      <limit GET>
      require user username(s)
      </limit>
       

      For username(s), substitute the actual UDelNet ID(s) of the person or people to whom you want to allow access. For more than one user, list each name separated by a space. For example, to allow users "eileen," "richard," and "20838" to access the files in your restricted access directory, you would substitute "require user eileen richard 20838" for the "require user username(s)" line. If your list of users does not fit on one line, each line of the list of users must begin with "require user". To allow access to anyone with a UDelNet ID and to prevent anyone else from accessing this directory, substitute "Require valid-user" for the "require user username(s)" line.

   3. Save your file and exit Pico by pressing Ctrl-X.

   Example of a .htaccess file to restrict access to users "eileen", "richard", and "20838":

   authtype basic  <limit GET>  require user eileen richard 20838  </limit>

Restrict access by group

1. Create your .htaccess file using the Pico editor. At the percent sign prompt, type the following command and press ENTER:
   pico .htaccess
2. To restrict by group, type the following lines into the ".htaccess" file:
   authtype basic
   <limit GET>
   require group project_number
   </limit>

   Substitute the actual project number for project_number. For example, to allow only users in project 1111 to access your restricted directory, you would substitute "require group 1111" for the "require group project_number" line.

3. Save your file and exit Pico by pressing Ctrl-X.

Example of a .htaccess file to restrict access to users in project 1111:

authtype basic  <limit GET>  require group 1111  </limit>

4. To have the .htaccess file work correctly, at the percent sign prompt, type the following command and press ENTER:
   chmod o+r  .htaccess

You have now completed all the steps necessary to restrict access to Web pages contained in your restricted directory.  When users access URLs contained within directories protected in this way, the browser will present a "Username and Password Required" dialog box in which the user will be prompted to enter his or her UDelNet ID (username) and password.

Note: To ensure that people will be logging in through a secure page, when you create the "href" link to your restricted page, use "https" rather than "http" in the URL. For example, "https://www.udel.edu/filename.html".

Contents

Common Questions

1. How do I get a Web directory?

UD faculty and staff can obtain space on the central Web server (www.udel.edu) to publish official University information by completing the WWW Directory Request Form.

2. How do I find out a person's UDelNet ID?

Finding the person's UDelNet ID is a two-step process.

1. At the copland % prompt, type the following command, substituting the person's last name for name and pressing ENTER:

   finger name@udel.edu

   This will give you a list of approximate matches to the name you seek. The matches are in the form first.m.last@udel.edu. You must type the entire name to get the person's exact information, including the UDelNet ID.

2. Type

   finger first.m.last@udel.edu

   to get the person's UDelNet ID.

3. How does a person get a UDelNet account?

All members of the UD community have a UDelNet account. To activate your UDelNet account, see the University of Delaware Network page.

4. What is a project, and how do I get a project number?

A project is an established group of individuals in the Unix computer accounting system.

To obtain a project number, submit the UNIX Instructional Project Request if you are a faculty member setting up restricted access Web pages for a class, or the UNIX New Project Request if you are faculty or staff setting up restricted access Web pages for something other than a class. Use the "restrict by user" method rather than requesting a project if the number of people to whom you would like to offer access is fewer than 30. Student organizations who have Web directories on copland will already have a project number. Individual students can not obtain a project number.

5. How do I use the pico editor?

See the Pico Text Editor Help Page.

Contents