header left image   header right image
Toolkit button Toolkit
Publishing Help Publishing Help
Publisher Forum Publisher Forum
Web Policies Web Policies
Web Security Web Security
For Beginners For Beginners

Home > Toolkit > Web Auth

Restricting Access to Web Pages with WebAuth

What is WebAuth?

WebAuth is a web site protection scheme that allows you to restrict access to your web pages. You can decide who sees your pages: only members of the Brown Community, or specific individuals. Users log in with their NetIDs and passwords to gain access to restricted sites.

How do I use WebAuth?

If you want to restrict your entire web site (Not Recommended), simply upload an .htaccess file into the top level directory. To create a .htaccess file, you can use a tool that has been created for this purpose. The tool simply asks for you to fill in the type of restriction you would like, and will return to you the text to use.

Copy the text into a plain file, save the file as ".htaccess". Don't forget the dot in the front and make sure no other extension gets put on the file. The entire name of the file should be ".htaccess" (without the quotes). Then, upload the file to your top level directory, and test it out.

Restricting an entire web site is not recommended as response times could be dramatically slowed. Put ONLY files that contain sensitive information behind WebAuth. For example, if your web page has images or pictures that are not sensitive, put them in an unrestricted directory. If all html files need to be restricted, but the pages use images, pictures, includes, or style sheets that are not sensitive, set up two directories, one for restricted items and the other for unrestricted. This will help speed your page response times.

If you only want to restrict access to a few pages, create a new subdirectory on the web server, put the pages to be restricted and the .htaccess file in this directory.

Use .htaccess Tool

What different ways can I restrict access to my pages?

One way is to restrict your pages to only members of the Brown community (i.e., anyone with a valid NetID and password). To do that, simply check the "Restrict access to the greater Brown community" box in the htaccess Tool, leave everything else as is, and click the Generate .htaccess file button.

Another way is to specify the NetIDs, DNS, or IP address of the individuals who should have access to your pages. Put these NetIDs into the text area in the form (NetIDs should either be separated from one another by spaces, or one on each line, whatever is easier for you), check the box associated with that field, and click the Generate .htaccess file button.

You can also restrict access to specific student class year, all undergraduates, all graduate students or a combination of these.  Here are the groups that you would use in your .htaccess file:
COMMUNITY.STUDENT.UNDERGRAD.ALL
COMMUNITY.STUDENT.UNDERGRADUATE.FRESHMAN
COMMUNITY.STUDENT.UNDERGRADUATE.SOPHOMORE
COMMUNITY.STUDENT.UNDERGRADUATE.JUNIOR
COMMUNITY.STUDENT.UNDERGRADUATE.SENIOR
COMMUNITY.STUDENT.GRADUATE
(Note: This is slightly advanced and you'd need to know the format of what an .htaccess file needs to contain)

What happens after I submit the .htaccess form?

Once you have submitted your form from the .htaccess Tool, you will then be taken to a web page that has the exact contents of your .htaccess file in it. You simply need to copy that text, paste it into a plain text file, save it as .htaccess, and upload it using an FTP client. (More specific instructions are available on that page.)

Use the .htaccess Tool

[Toolkit]   [ Publishing Help]   [Publisher Forum]   [Web Policies]  [Web Security]   [Brown Home]   [CIS Home]   [Home]


Page Last Modified: Tuesday, 18-Jan-2005 12:21:13 EST by CIS