|
Controlling access to web pages on pangeaLast revision July 10, 2009
The Apache web server that runs on pangea includes many features for customizing operation and controlling access to pages. In addition, we have added the Stanford WebAuth system to provide access control by SUNet ID. On pangea, we have configured Apache to check each web folder that it serves for a "directives" file named .htaccess (the leading period character (.) is part of the name). You are allowed to use certain directives in this file, as described in the links below, to control who can access the files contained within your personal or group folder. These restrictions apply to all files in the folder tree, so you may want to just apply restrictions to a subfolder by placing the .htaccess file in that subfolder. See notes below on the best way to make the .htaccess file. You have many choices for the type of access restriction you can make. Follow the links to get more information.
In every case the restrictions are specified by keywords in an .htaccess file that you create in the folder that is being restricted. Use your favorite text editor to make the file, but be sure to save it in a plain text format. For example, the normal Microsoft Word format is not suitable because it contains control characters to set formatting, but you can use the Save As menu option to save your .htaccess file in the compatible "Text Only with Line Breaks" format. The Windows Notepad program also creates plain text files, but the TextEdit program on Mac OS X does not - its RTF format has those pesky formatting controls. A plain text editor such as vi or emacs can be used on Linux (or within the Terminal application on Mac OS X) to make the file. After you make the file on your PC or Mac load it into the appropriate folder on the sesfs file server. WARNING: the access control methods described here apply only to web browser access to the restricted files. If you are trying to restrict access to the contents of a group folder on the main WWW share, it can still be seen and copied by everyone in the School of Earth Sciences if they connect to the sesfs file server and mount that share. To prevent this and keep the folder contents truly private, ask the sesfs system managers to change the permission on that folder to remove the read access by "Everyone". Your personal web space in the WWW subfolder of your home share is not accessible to anyone else through file share connections, so the caution above does not apply to those personal web spaces. You can get more information on the many uses of .htaccess files from the article Using .htaccess files with Apache from the ServerWatch web site.
|