Controlling access to web pages on pangea

Last revision November 8, 2017

Web Hosting Table of Contents:
  1. Using Pangea web server
  2. Personal web site
  3. Limiting access to web pages
  4. Using include files and templates on pangea
  5. Suggestions for creating/editing pages
  6. Other resources

The Apache web server that runs on pangea includes many features for customizing operation and controlling access to pages. In addition, we have added the Stanford WebAuth system to provide access control by SUNet ID.

On pangea, we have configured Apache to check each web folder that it serves for a "directives" file named .htaccess (the leading dot character (.) is part of the name). You are allowed to use certain directives in this file, as described in the links below, to control who can access the files contained within your personal or group folder. These restrictions apply to all files in the folder tree, so you may want to just apply restrictions to a subfolder by placing the .htaccess file in that subfolder. See notes below for the best way to make the .htaccess file.

You have many choices for the type of access restriction you can make. Follow the links to get more information. Note that restricting access by any of these methods will prevent Google, Bing, Yahoo, and other search engines from finding and indexing the files in the restricted directory. If you don't want to actually limit user access, but just prevent search engines from accessing your directory, you must contact the webmaster and ask him to add your directory to the "disallow" list in the site-wide "robots.txt" file.

  1. Limit access by requiring SUNet ID: pangea supports the WebAuth system for authenticating by SUNet ID. You can use WebAuth directives in .htaccess files in your web folders.

  2. Limit access to specific computers: only let someone see the pages if he is using a computer that has a certain IP address or is part of a certain IP domain (for example, the "" domain).

  3. Limit access by requiring a password: require the viewer to provide a user name and password that you have created for him before he can see the pages.

  4. Limit access by computer and password: require the viewer to provide a user name and password and be using a computer with a certain IP address or domain.

  5. Limit access by computer or password: require the viewer to provide a user name and password or be using a computer with a certain IP address or domain.

Making your .htaccess file

In every case access restrictions are specified by keywords in a special file named .htaccess that you create in the folder that is being restricted. The leading dot character (.) is part of the file name!

Use a text editing program to make the file, but be sure to save it in a plain text format. For example, the normal Microsoft Word format is not suitable because it contains control characters to set formatting. Similarly, the normal TextEdit program on Mac OS X is also not suitable - its RTF format has those pesky formatting controls. Here are some suggestions for programs to use to make or edit this file:

  • Microsoft Word
    Always use the Save As menu option to save your .htaccess file in the compatible "Text Only with Line Breaks" format.

  • Notepad
    This Windows built-in program creates plain text files by default.

  • TextEdit
    This program is built-in to Mac OS X. By default, it creates files in the RTF format. When you use it to create or edit an .htaccess file, go to the Format menu and select the Make Plain Text option. That will force the file to be saved as plain text only.

  • TextWrangler
    This is a free general purpose editor for Mac OS X from Bare Bones Software. When you make a new file, use the "Unix (LF)" option from the Line breaks: menu in the Save dialog box.

  • vi, emacs, and pico
    These general purpose editing programs are normally found on Linux workstations (or within the Terminal application on Mac OS X). They all save files in plain text format.

After you make the file on your PC or Mac load it into the appropriate folder on the sesfs file server. Depending upon the method you use to access the file server directory, you may find that you cannot see this .htaccess file because the leading dot character (.) in the name marks it as a "hidden file"! Follow these instructions to enable viewing of these "hidden files", depending upon your access method:

WARNING: the access control methods described here only restrict web browser access to the specified folders. If you are trying to restrict access to the contents of a group folder on the main WWW share, it may still be seen and copied by everyone in the School of Earth Sciences if they connect to the sesfs file server and mount that share. To prevent this and keep the folder contents truly private, ask the sesfs system managers to change the permission on that folder to remove the read access by "Everyone".

Your personal web space in the WWW subfolder of your home share is not accessible to anyone else through file share connections, so the caution above does not apply to those personal web spaces.

You can get more information on the many uses of .htaccess files from the article Using .htaccess files with Apache from the ServerWatch web site.

Comments or Questions?