Web pages are normally available to any user. However, access to web pages can be restricted in one or both of these ways:
Both methods share some features:
.htaccess that is placed in the directory to be protected.
The file must be readable by the web server. In other words, user www must be able to read the file.
Using a user ID and password combination is easiest when there are few user IDs involved. For class situations, the goal is to prevent access by the entire world, so a well-known user ID and password for a class is a reasonable approach. This will not restrict access by roommates or friends, but will prevent access by the entire world. This is similar to how lectures are restricted. We don't ask for photographic identification from everyone walking into a lecture hall. Nonetheless, simple physical limits prevent 10,000 people from attending a lecture.
To restrict access with a user ID and password, you need to add two files to the directory.
The first file is named .htaccess. Place the following lines into the .htaccess file.
This file tells the web server that to gain access to all files in this directory, the client must enter a user ID and password that matches one in the file /usr/local/data/www/your_directory_name/userlist.txt, where your_directory_name is the path to the protected directory.
The Site Description should be a short description of the site. The description is used by the browser in the prompt for the password. The prompt varies with different browsers, but is similar to:
Enter username for site description at www.k-state.edu:
The second file is named userlist.txt. Inside this file, each user has one line of the form:
userid:encryptedpassword
where userid is the user name and encryptedpassword is the password, encrypted with the standard Unix password encryption algorithm. These lines can be created with the password encryption page.
These user IDs and passwords are created for the web page only. They have no relationship to the user IDs and passwords used to access CTS's Unix system, Telecommunication's dial-in service, or departmental resources.
Any number of user IDs and passwords can be included in the userlist.txt file. However, management of forgotten passwords may become burdensome for the page author.
For classes, a single user ID and password should be sufficient.
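The userid:encryptedpassword format described above can be checked before the file is put in place. The following Python audit is an added example, not part of the original page; the name audit_userlist, the scheme labels and the sample entries are constructed for illustration, and the hash layouts other than traditional Unix crypt are assumptions about what such a file may contain.

```python
import re

# Hash layouts that can appear after the colon. The page describes only the
# traditional Unix crypt form; the others are included so they are told apart.
SCHEMES = [
    ("bcrypt", re.compile(r"^\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}$")),
    ("apr1-md5", re.compile(r"^\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}$")),
    ("sha1", re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$")),
    ("des-crypt", re.compile(r"^[./A-Za-z0-9]{13}$")),
]
WARNINGS = {
    "des-crypt": "traditional crypt: only the first 8 password characters count",
    "sha1": "unsalted SHA-1",
    "unknown": "unrecognised hash, possibly a plaintext password",
}

def audit_userlist(text):
    """Return (entries, findings) for the contents of a userlist.txt file."""
    entries, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        userid, sep, hashed = line.strip().partition(":")
        if not (sep and userid and hashed):
            findings.append((lineno, "not in userid:encryptedpassword form"))
            continue
        scheme = next((n for n, rx in SCHEMES if rx.match(hashed)), "unknown")
        if userid in entries:
            # Keep the first entry for a userid and report the repeat.
            findings.append((lineno, "duplicate userid " + userid))
            continue
        entries[userid] = scheme
        if scheme in WARNINGS:
            findings.append((lineno, WARNINGS[scheme]))
    return entries, findings

# Constructed sample: these are format placeholders, not real password hashes.
SAMPLE = """\
class101:abCdEfGhIjKlM
ta:$apr1$Ab12Cd34$0123456789abcdefghijkl
guest:letmein
class101:$apr1$Ab12Cd34$0123456789abcdefghijkl
no-colon-here
"""

if __name__ == "__main__":
    entries, findings = audit_userlist(SAMPLE)
    for lineno, message in findings:
        print("line %d: %s" % (lineno, message))
```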
The URL http://www.k-state.edu/tools/restrict-access/password is protected by user ID neil and password testpass.
Try the link to verify that the protection works.
Every computer connected to the Internet has an Internet Protocol (IP) address. Such addresses are written as four numbers separated by periods. For example, 129.130.12.5 is the address assigned to one of K-State's central Unix machines. All IP addresses that have 129.130 as the first two numbers are associated with K-State.
To restrict access based on an IP address, put the following lines in the .htaccess file:
Order deny,allow
Deny from all
Allow from ipaddress
Satisfy Any
where ipaddress is the IP address pattern that is allowed access. You can include as many "Allow from" lines as needed, or you can use a partial IP address to cover a group of addresses, such as a building or department. For example, to limit access to K-State's IP addresses, use "129.130".
Order deny,allow
Deny from all
Allow from 129.130
Satisfy Any
An example page restricted to K-State only shows how to limit access to K-State IP addresses, i.e., those with the first two numbers of "129.130".
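How the web server evaluates the block above for a given client address can be modelled in a few lines. This Python sketch is an added example, not part of the original page; it is a simplified model covering only dotted IPv4 patterns and "all", it goes beyond the page by also handling Order allow,deny and a password requirement combined through Satisfy, and the function names and sample client addresses are constructed.

```python
def host_matches(spec, client_ip):
    """True if an 'Allow from' / 'Deny from' pattern matches the client."""
    if spec.lower() == "all":
        return True
    spec_octets = spec.rstrip(".").split(".")
    # Partial addresses match whole octets: "129.13" must not match 129.130.x.x
    return client_ip.split(".")[:len(spec_octets)] == spec_octets


def host_check(order, allow, deny, client_ip):
    """Apply the Order rule to the Allow and Deny lists."""
    allowed = any(host_matches(s, client_ip) for s in allow)
    denied = any(host_matches(s, client_ip) for s in deny)
    if order == "deny,allow":
        # Deny is evaluated first, a matching Allow overrides it,
        # and a client matching neither list is let in.
        return allowed or not denied
    if order == "allow,deny":
        # An Allow must match and no Deny may match; the default is to refuse.
        return allowed and not denied
    raise ValueError("unsupported Order: " + order)


def access_granted(order, allow, deny, client_ip,
                   satisfy="all", password_ok=None):
    """password_ok is None when the directory has no password requirement."""
    host_ok = host_check(order, allow, deny, client_ip)
    if password_ok is None:
        return host_ok
    if satisfy.lower() == "any":
        # Either a permitted address or a valid password is enough.
        return host_ok or password_ok
    return host_ok and password_ok


KSTATE = ("deny,allow", ["129.130"], ["all"])  # the block shown above

if __name__ == "__main__":
    # Constructed client addresses: on campus, look-alike prefix, off campus.
    for ip in ["129.130.12.5", "129.13.0.7", "203.0.113.9"]:
        print(ip, access_granted(*KSTATE, ip, satisfy="any"))
```

When a password requirement is present in the same .htaccess file, Satisfy Any lets campus addresses in without a prompt while off-campus clients can still log in; Satisfy All would require both.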
userlist.txt file must reflect where the file is stored. For K-State home directories, the path is of the format:
/homes/userid/.html/userlist.txt
To find out your home directory, log on to Unix and run the command "echo $HOME".
More specifically, an IP address restriction of 129.130 would allow access only by computers on campus, those using Telecommunications dial-in service, and those using the Virtual Private Network.
Off campus access to K-State IP restricted websites can be handled by using K-State's Virtual Private Network (VPN).
.htaccess and userlist.txt files must themselves be readable by the web server, i.e., have appropriate Unix file permissions. For files on the www.k-state.edu server, the Unix Access Control List provides appropriate defaults. However, for the www-personal.ksu.edu server, be sure to change permissions as you normally would for an HTML file.
.htaccess is done at the global level. As you can use any file name to store your eid/password (we suggest userlist.txt), you should protect it also. Access to these files may help hackers understand and plan circumventions of access restrictions. Common passwords, for example, can be determined from the encrypted password.
To remove all access to these files, add the following to the end of the .htaccess file:
Order allow,deny
Deny from all
Satisfy All
With this addition, the files cannot be accessed via the web server. However, the files are still accessible via FTP, samba, or by logging on to the Unix system.
Server Error
This server has encountered an internal error which prevents it from fulfilling your request. The most likely cause is a misconfiguration. Please ask the administrator to look for messages in the server's error log.
check the format of the .htaccess file.
This error can also occur if the userlist.txt file isn't at the location specified in the .htaccess file or can't be read by user www.
If you use pico to edit the .htaccess file, beware that pico by default wraps long lines.
To widen the margin so that there is enough room for the long middle line of the .htaccess file, use the command:
pico -r200 .htaccess