You can restrict access to web pages (i.e., to allow only certain people to view the web pages with a web browser) on the central (www1.udel.edu) web server. You can make your web pages accessible to specific users, groups, or IP addresses.
To restrict access to web pages, you must place a .htaccess file in the directory to which you want to restrict access. Because you probably have other web pages you want everyone to be able to see, you will need to create a special directory for the restricted pages and give your files the correct permissions.
mkdir restricted_dir_name chmod 755 restricted_dir_name cd restricted_dir_name
mkdir restricted_dir_name chgrp project_number restricted_dir_name chmod 775 restricted_dir_name chmod g+s restricted_dir_name cd restricted_dir_name
The two options above leave the content you publish in the directory visible to users who login to copland.udel.edu. If you need to prevent such access, consider having the directory set up for WebDAV publishing. If WebDAV is infeasible, advanced UNIX file access control using file ACLs can be used.
Access to users other than the owning user and group is removed. Then a file ACL granting read access to the web server is added.
chmod o-rwx restricted_dir_name setfacl -m group:www:r-x restricted_dir_name
Specific information is listed below.
To restrict access to computers with specific IP addresses or in specific networks, type the following line into the .htaccess file:
Require ip address_or_network(s)
For address_or_network, substitute IP address(es) or network(s). Multiple values should be separated by a space. If the remote computer has its IP address present in the list or is on a network present in the list, access is granted. The acceptable IP address and network syntax is covered in the Apache documentation.
Here's an example of a .htaccess directive to restrict access to computers on University networks:
Require ip 128.175 128.4 10
To restrict by user, type the following line into the .htaccess file:
Require user username(s)
For username(s), substitute the actual UDelNet ID(s) of the person or people to whom you want to allow access. For more than one user, list each name separated by a space.
Here's an example of a .htaccess file to restrict access to users "banana," "apple," "pear", "mango," "grape," "fig":
Require user banana apple pear mango grape fig
To allow access to anyone with a valid UDelNet ID, substitute Require valid-user:
To restrict by group, type the following line into the .htaccess file:
Require ldap-group cn=project_number,ou=Groups,o=udel.edu
Substitute the actual project number for project_number. If you want to restrict access to more than one group, include additional lines, one for each group, and group them in a <RequireAny> block (see Combining directives below). For example, to allow only users in projects 1111 and 1776 to access your restricted directory, create a .htaccess file like this one:
<RequireAny> Require ldap-group cn=1111,ou=Groups,o=udel.edu Require ldap-group cn=1776,ou=Groups,o=udel.edu </RequireAny>
By default when multiple Require directives are present in the .htaccess file, a request that satisfies at least one of the directives will be granted access. For example:
Require ip 128.175 128.4 10 Require valid-user
Requests made from computers on University networks will satisfy the Require ip directive and authentication will not be required. From anywhere else on the Internet, authentication is required and, so long as it succeeds, the access is granted.
More complex combinations can be made by grouping Require directives together:
For example, if your list of allowed users requires two lines, add the <RequireAny> and </RequireAny> lines to the file:
<RequireAny> Require user banana apple pear mango grape fig Require user maryqdoe johnxroe fawndeer fisherman </RequireAny>
Here's a more complex example showing how to grant access to members of project 9999 who are using a computer on the 220.127.116.11/26 subnet of the campus network:
<RequireAll> Require ip 18.104.22.168/26 Require ldap-group cn=9999,ou=Groups,o=udel.edu </RequireAll>
Groupings can be nested inside each other. For example, if members of either of two projects should be granted access while on campus, the .htaccess would look like the following:
<RequireAll> Require ip 22.214.171.124/26 <RequireAny> Require ldap-group cn=9999,ou=Groups,o=udel.edu Require ldap-group cn=1000,ou=Groups,o=udel.edu </RequireAny> </RequireAll>
chmod 644 .htaccess
You have now completed all the steps necessary to restrict access to web pages contained in your restricted directory. When users access URLs contained within directories protected in this way, the browser will present a Username and Password Required dialog box in which the user will be prompted to enter his or her UDelNet ID (username) and password. For more information about all the uses of a .htaccess file, review this Apache.org web page
UD faculty and staff can obtain space on the central web server (www1.udel.edu) to publish official University information by completing the WWW Directory Request Form.
Finding the person's UDelNet ID is a two-step process.
This will give you a list of approximate matches to the name you seek. The matches are in the form email@example.com. You must type the entire name to get the person's exact information, including the UDelNet ID.
to get the person's UDelNet ID.
All members of the UD community have a UDelNet account. To activate your UDelNet account, see the University of Delaware Network page.
A project is an established group of individuals in the UNIX computer accounting system.
To obtain a project number, go to the Support Center's Access Forms page. Log in and submit the UNIX Instructional Project Request if you are a faculty member setting up restricted access web pages for a class or the UNIX New Project Request if you are faculty or staff setting up restricted access web pages for something other than a class. Use the "restrict by user" method rather than requesting a project if the number of people to whom you would like to offer access is fewer than 30. Student organizations who have web directories on copland will already have a project number. Individual students can not obtain a project number.
See the Pico Text Editor Help Page.