Introduction
CIS supports several different ways of securing your web resources. Depending
on the kind of security used, the method of accessing the resources may
be different. This document attempts to outline the different approaches
to web security that are supported and shows web publishers how to implement
them.
Approaches to Security 
These are the approaches to securing pages on the Brown web
server (www.brown.edu):
| Restrict Access By... | Also Known As... | Description and Notes |
| Brown Username and Password | WebAuth |
Access is restricted based on Brown Username and password. You can
decide who sees your pages: only members of the Brown Community,
members of particular Brown groups, or specific individuals. Users
log in with their Brown Usernames and passwords to gain access to restricted
sites.
WebAuth performs two functions:
1) it identifies and authenticates users through a login form and
2) it determines if the authenticated user is authorized to access
the restricted resource.
WebAuth is the preferred method of restricting access to web pages
on Brown's main web server (www.brown.edu).
|
| Network Address | IP restriction |
Access is restricted based on a range of IP numbers or network
addresses. Users surfing the Internet from one of the machines within
the IP range are allowed access without logging in. Users accessing
the Internet from machines outside of the IP range are denied access
to the protected resources. This protection scheme is used most
often by vendors of electronic Library databases. Access to these
databases is usually restricted to machines on Brown's network.
FYI: Brown's network addresses start with either
128.148 or 138.16.
Please note that IP restriction is no longer the preferred way
of restricting access to web pages on Brown's main web server (www.brown.edu);
WebAuth is preferred.
|
| Arbitrary Username and Password | Custom username and password |
Access is restricted based on arbitrary usernames and passwords.
After setting the username and password, the web publisher distributes
this information to the people who should have access to the protected
resources. This is sometimes useful if you want to restrict access
to material that will be accessed by members of the Brown community
and people outside of Brown. |
Please note that it is possible to use more than one of these approaches
at once. For example, if you were to use both WebAuth and IP-Restrictions,
people accessing the web materials from the range of network addresses
that are allowed would not need to log in. People accessing the web materials
from outside of the allowed range of addresses would need to log in with
their Brown Usernames and passwords.
Accessing Restricted Resources 
When using the resources on the Brown web, you may come across resources
that have restricted access. In most cases, you will be presented with
on-screen instructions for proceeding.
| Method | Description | Additional Info |
| WebAuth |
When you try to access resources on Brown's web server that have
been protected using WebAuth, you are presented with the WebAuth
login screen. You should enter your Brown Username (ex. jcarberr)
and your Brown password into the appropriate fields. In addition,
you can select how long you want your session to be. The default
session is 20 minutes long, with options for 5 and 60 minutes available.
After logging in, a small session window will open up. You should
leave this window open and in the background as you use the restricted
web resource. As your session is about to end, the small session
window will come back to the front and tell you how much time is
left in your session. The small session window also gives you the
option of refreshing your session, which requires that you log
in again. When you are done using the restricted resource, we recommend
that you quit your web browser.
|
WebAuth |
| Network Address |
From an on-campus machine - If the resource is restricted to the
Brown network, as is the case with most Library databases, you should
be able to access the resource freely. In fact, you will likely
not even notice that the resource you are using is restricted.
From an off-campus machine through an ISP - Again, if the resource
is restricted to the Brown network, as is the case with most Library
databases, your access will be denied. However, CIS supports a Remote
Access Service (Proxy) which you can use to access the resources
as if you were on-campus.
|
More information about Brown's Reverse
Proxy is available. |
| Arbitrary Username and Password |
When you attempt to access resources that have been protected with
arbitrary usernames and passwords, you will be presented with a login
form. Enter the appropriate username and password and you should then
be able to access the resources. |
|
Restricting Access to Web Resources

Access to documents may be controlled on a per-directory basis. The first
step is to create a sub-directory to hold the documents you wish to secure
(it's okay for the sub-directory to have sub-directories). After you have
separated out the files you wish to control access to, you need to create
a .htaccess file inside the directory containing special instructions
for the server. Changes made by .htaccess
files affect all directories from that point downward, unless overridden
by another .htaccess file.
.htaccess files are regular ASCII text
files. Please name your .htaccess file
".htaccess" (without the quotes,
all lower case).
Writing .htaccess files can be a confusing
process. One small error in your .htaccess file can cause problems. Please
use the HTACCESS TOOL
to create your .htaccess files.
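
For orientation, this is what a hand-written .htaccess file combining two of the approaches above might contain. It is an added example, not output of the HTACCESS TOOL or code from the original page. It assumes an Apache server with 2.2-style access directives and uses standard Basic authentication for the arbitrary username and password case (the page does not show WebAuth's own directives); the password file path and realm name are hypothetical.

```apache
# Added example. Assumes Apache 2.2-style directives; path and realm are hypothetical.

# --- Arbitrary username and password (Basic authentication) ---
AuthType Basic
AuthName "Restricted materials"
# Hypothetical path. Keep the password file outside the web-served tree
# so it can never be downloaded through the server.
AuthUserFile /path/outside/docroot/.htpasswd
Require valid-user

# --- Network address restriction ---
# Partial addresses match whole ranges; these are the Brown prefixes
# given earlier on this page.
Order deny,allow
Deny from all
Allow from 128.148 138.16

# --- Combining the two ---
# "any": a request is allowed if EITHER the address matches OR the login
# succeeds. On-campus clients are not prompted; everyone else gets a login.
# "all" (the default) would demand BOTH an on-campus address AND a login.
Satisfy any
```

Basic authentication sends the password with every request in an easily decoded form, so a directory protected this way should be served over HTTPS. The file only takes effect if the server's configuration allows .htaccess overrides for authentication and access directives.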