Stanford University School of Earth Science
 
Home
News
New Users
Policies
Network File Server
Web Server
    Personal Setup
   Email Form
   Other Resources
Get Help
Net Connections
Your Macintosh
Your Windows PC
Your Unix/Linux System
Other School Resources
Using Unix

Controlling access to web pages on pangea

Last revision July 10, 2009

Web Hosting Table of Contents:

  1. Using Pangea web server
  2. Personal web site
  3. Limiting access to web pages
  4. Using include files and templates on pangea
  5. Using the pangea mail form
  6. Suggestions for creating/editing pages
  7. Other resources
  

The Apache web server that runs on pangea includes many features for customizing operation and controlling access to pages. In addition, we have added the Stanford WebAuth system to provide access control by SUNet ID.

On pangea, we have configured Apache to check each web folder that it serves for a "directives" file named .htaccess (the leading period character (.) is part of the name). You are allowed to use certain directives in this file, as described in the links below, to control who can access the files contained within your personal or group folder. These restrictions apply to all files in the folder tree, so you may want to just apply restrictions to a subfolder by placing the .htaccess file in that subfolder. See notes below on the best way to make the .htaccess file.

You have many choices for the type of access restriction you can make. Follow the links to get more information.

  1. Limit access by requiring SUNet ID: pangea supports the WebAuth system for authenticating by SUNet ID. You can use WebAuth directives in .htaccess files in your web folders.

  2. Limit access to specific computers: only let someone see the pages if he is using a computer that has a certain IP address or is part of a certain IP domain (for example, the "stanford.edu" domain).

  3. Limit access by requiring a password: require the viewer to provide a user name and password before he can see the pages.

  4. Limit access by computer and password: require the viewer to provide a user name and password and be using a computer with a certain IP address or domain.

  5. Limit access by computer or password: require the viewer to provide a user name and password or be using a computer with a certain IP address or domain.

In every case the restrictions are specified by keywords in an .htaccess file that you create in the folder that is being restricted. Use your favorite text editor to make the file, but be sure to save it in a plain text format. For example, the normal Microsoft Word format is not suitable because it contains control characters to set formatting, but you can use the Save As menu option to save your .htaccess file in the compatible "Text Only with Line Breaks" format. The Windows Notepad program also creates plain text files, but the TextEdit program on Mac OS X does not - its RTF format has those pesky formatting controls. A plain text editor such as vi or emacs can be used on Linux (or within the Terminal application on Mac OS X) to make the file.

After you make the file on your PC or Mac load it into the appropriate folder on the sesfs file server.

WARNING: the access control methods described here apply only to web browser access to the restricted files. If you are trying to restrict access to the contents of a group folder on the main WWW share, it can still be seen and copied by everyone in the School of Earth Sciences if they connect to the sesfs file server and mount that share. To prevent this and keep the folder contents truly private, ask the sesfs system managers to change the permission on that folder to remove the read access by "Everyone".

Your personal web space in the WWW subfolder of your home share is not accessible to anyone else through file share connections, so the caution above does not apply to those personal web spaces.

You can get more information on the many uses of .htaccess files from the article Using .htaccess files with Apache from the ServerWatch web site.

 


Comments?

Stanford University    |