Controlling access to web pages on pangea



Last revision October 19, 2011


The Apache web server that runs on pangea includes many features for customizing operation and controlling access to pages. In addition, we have added the Stanford WebAuth system to provide access control by SUNet ID.

On pangea, we have configured Apache to check each web folder that it serves for a "directives" file named .htaccess (the leading dot character is part of the name). You are allowed to use certain directives in this file, as described in the links below, to control who can access the files contained within your personal or group folder. These restrictions apply to all files in the folder tree below the .htaccess file, so if you want to restrict only part of your site, place the .htaccess file in the subfolder you want to protect. See notes below for the best way to make the .htaccess file.

You have many choices for the type of access restriction you can make. Follow the links to get more information.

  1. Limit access by requiring SUNet ID: pangea supports the WebAuth system for authenticating by SUNet ID. You can use WebAuth directives in .htaccess files in your web folders.

  2. Limit access to specific computers: only let someone see the pages if he is using a computer that has a certain IP address or is part of a certain IP domain (for example, the "stanford.edu" domain).

  3. Limit access by requiring a password: require the viewer to provide a user name and password that you have created for him before he can see the pages.

  4. Limit access by computer and password: require the viewer to provide a user name and password and be using a computer with a certain IP address or domain.

  5. Limit access by computer or password: require the viewer to provide a user name and password or be using a computer with a certain IP address or domain.
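
As an added example (not taken from pangea's own documentation), here is what an .htaccess file for choice 5 might look like, with a note on how one line changes it into choice 4. It assumes Apache 2.2-style directives and that pangea's configuration permits them in .htaccess; the realm name and the password file path are placeholders.

```apache
# Constructed example: .htaccess for choice 5, "computer or password".
# Assumption: Apache 2.2-style access directives, permitted in .htaccess
# by the server configuration. Realm name and file path are placeholders.

# --- Password requirement (choice 3 on its own) ---
AuthType Basic
AuthName "Restricted project pages"
# Placeholder path. Keep the password file outside any web-served folder
# so it cannot be downloaded through a browser.
AuthUserFile /path/outside/web/folder/.htpasswd
Require valid-user

# --- Computer requirement (choice 2 on its own) ---
# Deny everyone by default, then allow the named domain.
# Matching by domain name depends on reverse DNS lookups of the
# visitor's address.
Order deny,allow
Deny from all
Allow from stanford.edu

# --- How the two requirements combine ---
# Any = pass EITHER check (choice 5): visitors from the allowed domain get
#       in without a prompt; everyone else is asked for a user name and
#       password.
# All = pass BOTH checks (choice 4): the password is accepted only from
#       computers in the allowed domain.
Satisfy Any
```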

Making your .htaccess file

In every case access restrictions are specified by keywords in a special file named .htaccess that you create in the folder that is being restricted. The leading dot character (.) is part of the file name!

Use a text editing program to make the file, but be sure to save it in a plain text format. For example, the normal Microsoft Word format is not suitable because it contains control characters to set formatting. The TextEdit program on Mac OS X is not suitable either: its RTF format has those pesky formatting controls. Here are some suggestions for programs to use to make or edit this file:

  • Microsoft Word
    Always use the Save As menu option to save your .htaccess file in the compatible "Text Only with Line Breaks" format.

  • Notepad
    This Windows program creates plain text files by default.

  • TextWrangler
    This is a free general purpose editor for Mac OS X from Bare Bones Software. When you make a new file, use the "Unix (LF)" option from the Line breaks: menu in the Save dialog box.

  • vi, emacs, and pico
    These general purpose editing programs are normally found on Linux workstations (or within the Terminal application on Mac OS X). They all save files in plain text format.

After you make the file on your PC or Mac, load it into the appropriate folder on the sesfs file server. Depending upon the method you use to access the file server directory, you may find that you cannot see this .htaccess file because the leading dot character (.) in the name marks it as a "hidden file"! Follow these instructions to enable viewing of these "hidden files", depending upon your access method:

WARNING: the access control methods described here only restrict web browser access to the specified folders. If you are trying to restrict access to the contents of a group folder on the main WWW share, it may still be seen and copied by everyone in the School of Earth Sciences if they connect to the sesfs file server and mount that share. To prevent this and keep the folder contents truly private, ask the sesfs system managers to change the permission on that folder to remove the read access by "Everyone".

Your personal web space in the WWW subfolder of your home share is not accessible to anyone else through file share connections, so the caution above does not apply to those personal web spaces.

You can get more information on the many uses of .htaccess files from the article "Using .htaccess files with Apache" on the ServerWatch web site.
