Note: Currently, it is possible to restrict Web pages only on the central (www.udel.edu) Web server. The directions below will not work on the copland (udel.edu) Web server.
It is possible to restrict access to Web pages (i.e., to allow only certain people to view the Web pages with a Web browser) on the central (www.udel.edu) Web server. You can make your Web pages accessible only to the specific users, groups, or IP addresses you indicate.
Note: These instructions assume you already have a Web directory. If you don't, see How do I get a Web directory? and then return to these instructions.
To restrict access to Web pages, you must place a .htaccess file in the directory to which you want to restrict access. Because you probably have other Web pages you want everyone to be able to see, you will need to create a special directory for the restricted pages and give your files the correct permissions.
mkdir restricted_dir_name setfacl -r -m user:www:r-x restricted_dir_name cd restricted_dir_name
mkdir restricted_dir_name chgrp project_number restricted_dir_name chmod 770 restricted_dir_name chmod g+s restricted_dir_name setfacl -r -m user:www:r- restricted_dir_name cd restricted_dir_name
There are three ways to restrict access (allow only certain people to view your Web pages with a Web browser):
<limit GET> order deny,allow deny from all allow from 128.175 allow from 128.4 </limit>
Note: do not put a space before or after the comma in allow,deny. The server will consider this a syntax error and will not allow anyone to access your directory.
The lines above will allow anyone accessing the Web from a UD computer address to see the files in these directories but will not allow anyone outside UD to see them. You can modify the "allow" line (or add more "allow" lines) to meet your needs.
Example of a .htaccess file to restrict access to just the users of a computer with 188.8.131.52 as its IP address:
<limit GET> order deny,allow deny from all allow from 184.108.40.206 </limit>
authtype basic <limit GET> require user username(s) </limit>
For username(s), substitute the actual UDelNet ID(s) of the person or people to whom you want to allow access. For more than one user, list each name separated by a space. For example, to allow users "banana," "apple," and "pear" to access the files in your restricted access directory, you would substitute require user banana apple pear for the require user username(s) line. If your list of users does not fit on one line, each line of the list of users must begin with require user. To allow access to anyone with a UDelNet ID and to prevent anyone else from accessing this directory, substitute Require valid-user for the require user username(s) line.
Example of a .htaccess file to restrict access to users "banana," "apple," and "pear":
authtype basic <limit GET> require user banana apple pear </limit>
authtype basic <limit GET> require group project_number </limit>
Substitute the actual project number for project_number. For example, to allow only users in project 1111 to access your restricted directory, you would substitute require group 1111 for the require group project_number line.
Example of a .htaccess file to restrict access to users in project 1111:
authtype basic <limit GET> require group 1111 </limit>
chmod o+r .htaccess
You have now completed all the steps necessary to restrict access to Web pages contained in your restricted directory. When users access URLs contained within directories protected in this way, the browser will present a Username and Password Required dialog box in which the user will be prompted to enter his or her UDelNet ID (username) and password.
Note: To ensure that people will be logging in through a secure page, when you create the href link to your restricted page, use https rather than http in the URL. For example, https://www.udel.edu/filename.html.
UD faculty and staff can obtain space on the central Web server (www.udel.edu) to publish official University information by completing the WWW Directory Request Form.
Finding the person's UDelNet ID is a two-step process.
This will give you a list of approximate matches to the name you seek. The matches are in the form email@example.com. You must type the entire name to get the person's exact information, including the UDelNet ID.
to get the person's UDelNet ID.
All members of the UD community have a UDelNet account. To activate your UDelNet account, see the University of Delaware Network page.
A project is an established group of individuals in the UNIX computer accounting system.
To obtain a project number, go to the Support Center's Access Forms page. Log in and submit the UNIX Instructional Project Request if you are a faculty member setting up restricted access Web pages for a class or the UNIX New Project Request if you are faculty or staff setting up restricted access Web pages for something other than a class. Use the "restrict by user" method rather than requesting a project if the number of people to whom you would like to offer access is fewer than 30. Student organizations who have Web directories on copland will already have a project number. Individual students can not obtain a project number.
See the Pico Text Editor Help Page.